Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.9 views

CVE-2026-33148

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the FDC USDA FoodData Central search endpoint constructs an upstream API URL by directly interpolating the user-supplied query parameter into the URL string without...

6.5CVSS5.9AI score0.00467EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/26 7:4 p.m.8 views

EUVD-2026-16311

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the FDC USDA FoodData Central search endpoint constructs an upstream API URL by directly interpolating the user-supplied query parameter into the URL string without...

6.5CVSS5.8AI score0.00467EPSS
Exploits1References1
CVE
CVE
added 2026/03/26 7:4 p.m.11 views

CVE-2026-33148

CVE-2026-33148 affects Tandoor Recipes prior to 2.6.0. The FDC (USDA FoodData Central) search endpoint builds the upstream API URL by directly interpolating the user-supplied query parameter without URL-encoding, allowing an attacker to inject additional URL parameters (e.g., via &). This can ove...

6.5CVSS5.8AI score0.00467EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-28469

Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.0 Description Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions prior to 2.6.0 have an issue in the FDC USDA FoodData Central search endpoint whe...

6.5CVSS5.9AI score0.00467EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.10 views

Tandoor Recipes 注入漏洞

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.0 had a injection vulnerability. This vulnerability stemmed from the FDC search endpoint, which directly inserted user-provided...

6.5CVSS5.8AI score0.00467EPSS
Exploits1References1
Rows per page
Query Builder