Lucene search
K

4 matches found

Nuclei
Nuclei
added yesterday13 views

Tandoor Recipes < 1.5.24 - Jinja2 SSTI RCE

Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows command execution via recipe steps. id: CVE-2025-23211 info: name: Tandoor Recipes 1.5.24 - Jinja2 SSTI RCE author: sammiee5311 severity: critical description: | Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows...

9.9CVSS6.1AI score0.03464EPSS
Exploits1References4
Rapid7 Blog
Rapid7 Blog
added 2026/03/06 6:28 p.m.19 views

Metasploit Wrap-Up 03/06/2026

Encoder exposed! Some of our releases add new ways in; this one adds new ways to stay in. There are, of course, still new RCE toys in the box Tactical RMM via Jinja2 SSTI and an unauthenticated MajorDoMo exploit. Still, the underlying theme is payloads: more control over how they are packaged and...

9.8CVSS5.6AI score0.06872EPSS
Exploits7
Cvelist
Cvelist
added 2025/01/28 3:24 p.m.23 views

CVE-2025-23211 Tandoor Recipes - SSTI - Remote Code Execution

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24...

9.9CVSS0.03464EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/01/28 12:0 a.m.5 views

PT-2025-4850

Name of the Vulnerable Software and Affected Versions: Tandoor Recipes versions prior to 1.5.24 Description: The issue is related to a Jinja2 SSTI vulnerability that allows any user to execute commands on the server, potentially with root privileges in the case of the provided Docker Compose file...

9.9CVSS5.8AI score0.03464EPSS
Exploits1References12
Rows per page
Query Builder