11 matches found
CVE-2026-35045
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batchupdate/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by...
EUVD-2026-19388
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batchupdate/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by...
CVE-2026-35045 Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batchupdate/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by...
CVE-2026-35045 Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batchupdate/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by...
CVE-2026-35045
The CVE-2026-35045 vulnerability affects Tandoor Recipes up to version 2.6.3. The PUT /api/recipe/batch_update/ endpoint lets any authenticated user within a Space modify any recipe (including private ones), bypassing object-level checks on PUT /api/recipe/{id}/. This enables forced exposure of p...
PT-2026-30684
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batch update/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private b...
CVE-2025-38678
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is found, leaving...
UBUNTU-CVE-2025-38678
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is found, leaving...
CVE-2025-38678
The CVE-2025-38678 vulnerability affects the Linux kernel’s netfilter nf_tables: a chain/flowtable update can contain duplicated devices in the same batch, leaving the second (duplicate) device unregistered and its hook not removed. This can occur during batch processing of device updates and is ...
This Week in Spring - March 25th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! This week, I’m in Portland, OR, then I'm off to Austin, TX for the Arc of AI show, and then I'm off to Amsterdam for Voxxed Days Amsterdam! If you're around, be sure to say hi! There's a ton of cool stuff to look at, so witho...
phpcms multiple versions of the background holding shell vulnerability-vulnerability warning-the black bar safety net
Brief description: phpcms multiple versions of the background holding shell vulnerability. Detailed description: url rules with generated static can get the shell. Vulnerability proof: 1, the landing in the background." Extension"—"the URL rule Management"—"Add a rule" ! 2,“URL rule name”must be...