EUVD-2026-16313
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses request.build_absolute_u...
CVE-2026-33149
Tandoor Recipes
CVE-2026-33149 Tandoor Recipes Vulnerable to Host Header Injection
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses request.build_absolute_u...
TP-Link, Canva, HikVision vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link and 19 in Canva. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party vulnerability...
CVE-2026-6204
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-26 18:04:01+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-pr3g-phhr-h8fh |
| 2026-04-13 13:15:33+00:00 | published-proof-of-concept | Telegram/Eww91bUMv30vOGGH8yfYO7hUDha4B8YRAtK9kM1Vo3PCM |
| 2026-04-13 15:15:11+00:00 | seen | ... |
CVE-2026-4877
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-26 17:52:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhy6anxugc22... |
CVE-2026-27663
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-26 17:42:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhy5or3yeh25 |
| 2026-03-27 15:20:31+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mi2g7ehr3326 |
| 2026-04-02 10:00:00+00:00 | seen | ... |
CVE-2026-26071
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-26 17:32:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhy54u7dy727... |
CVE-2026-28298
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-26 17:21:20+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhy4iik56q2z |
| 2026-03-27 03:00:06+00:00 | seen | https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28297... |
CVE-2026-23995
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-26 17:04:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhy3kqmpgv25 |
| 2026-03-26 23:01:11+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhypi5cz7r2m |
| 2026-03-26 23:16:19+00:00 | seen | ... |
CVE-2026-23807
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link (wptelegram-widget) allows Reflected XSS. This issue affects WP Telegram Widget and Join Link: from n/a through = 2.2.13...
CVE-2026-29933
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-26 17:01:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhy3elljsx23... |
CVE-2026-30162
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-26 16:59:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhy3bqw6x32o... |
GHSA-2PV8-4C52-MF8J Vikunja: Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR
Summary: Two independently exploitable authorization flaws in Vikunja can be chained to allow an unauthenticated attacker to download and delete every file attachment across all projects in a Vikunja instance. The ReadAll endpoint for link shares exposes share hashes, including admin-level shares, t...
EUVD-2025-209047
Reflected Cross-Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL in the 'site' parameter of 'applogin.php'...
CVE-2026-33396
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-26 15:22:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhxvugheqw2s |
| 2026-03-26 22:00:14+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mhym373t2q2c |
| 2026-03-26 23:01:26+00:00 | seen | ... |
CVE-2025-70245
Stack-based buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode...
CVE-2026-32109
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read and write permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...