Lucene search
K

131 matches found

Nuclei
Nuclei
added yesterday13 views

Tandoor Recipes < 1.5.24 - Jinja2 SSTI RCE

Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows command execution via recipe steps. id: CVE-2025-23211 info: name: Tandoor Recipes 1.5.24 - Jinja2 SSTI RCE author: sammiee5311 severity: critical description: | Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows...

9.9CVSS6.1AI score0.03464EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.14 views

CVE-2026-35489

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

7.3CVSS5.5AI score0.00224EPSS
Exploits1References1
NVD
NVD
added 2026/04/10 7:16 p.m.6 views

CVE-2026-27460

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service DoS vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

6.5CVSS0.00298EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/10 7:9 p.m.3 views

CVE-2026-27460

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service DoS vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

6.5CVSS5.8AI score0.00298EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/10 7:9 p.m.10 views

CVE-2026-27460

The vulnerability (CVE-2026-27460) affects Tandoor Recipes prior to version 2.6.5, in the recipe import functionality. An authenticated user can trigger a Denial of Service by uploading a large ZIP file (ZIP bomb), causing server crash or significant performance degradation. Impact is availabilit...

6.5CVSS5.8AI score0.00298EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 7:9 p.m.2 views

CVE-2026-27460 Tandoor Recipes Affected by Denial of Service via Recipe Import

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service DoS vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

6.5CVSS5.8AI score0.00298EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/10 7:9 p.m.4 views

EUVD-2026-21549

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service DoS vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

6.5CVSS5.8AI score0.00298EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/10 7:9 p.m.21 views

CVE-2026-27460 Tandoor Recipes Affected by Denial of Service via Recipe Import

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service DoS vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

6.5CVSS0.00298EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.6 views

PT-2026-32018

Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.5 Description Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to version 2.6.5, a Denial of Service DoS issue exists in the recipe import...

6.5CVSS5.8AI score0.00298EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

Tandoor Recipes 安全漏洞

Tandoor Recipes is an open-source application developed by Tandoor Recipes for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.5 contained security vulnerabilities. These vulnerabilities stemmed from defects in the recipe import...

6.5CVSS5.8AI score0.00298EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/08 7:34 p.m.7 views

CVE-2026-35488

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.hasobjectpermission returns True for all HTTP methods —...

8.1CVSS5.9AI score0.00378EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35046

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary...

5.4CVSS6AI score0.00173EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35045

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batchupdate/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by...

8.1CVSS5.9AI score0.00267EPSS
Exploits1References1
NVD
NVD
added 2026/04/07 4:16 p.m.5 views

CVE-2026-35489

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

7.3CVSS0.00224EPSS
Exploits1References2
NVD
NVD
added 2026/04/07 4:16 p.m.3 views

CVE-2026-35488

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.hasobjectpermission returns True for all HTTP methods —...

8.1CVSS0.00378EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/07 2:53 p.m.2 views

CVE-2026-35489 Tandoor Recipes — `amount`/`unit` bypass serializer in `food/{id}/shopping/`

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

7.3CVSS5.9AI score0.00224EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:53 p.m.8 views

CVE-2026-35489

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

7.3CVSS5.9AI score0.00224EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/07 2:53 p.m.8 views

EUVD-2026-19674

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

7.3CVSS5.9AI score0.00224EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/07 2:53 p.m.20 views

CVE-2026-35489 Tandoor Recipes — `amount`/`unit` bypass serializer in `food/{id}/shopping/`

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

7.3CVSS0.00224EPSS
Exploits1References2
CVE
CVE
added 2026/04/07 2:53 p.m.11 views

CVE-2026-35489

Tandoor Recipes CVE-2026-35489 affects the POST /api/food/{id}/shopping/ endpoint. Before version 2.6.4, the handler reads amount and unit directly from request.data and passes them to ShoppingListEntry.objects.create() without validation, which can cause an unhandled exception (HTTP 500) for non...

7.3CVSS5.9AI score0.00224EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder