Lucene search
K

21 matches found

RedhatCVE
RedhatCVE
added 2026/02/12 1:4 a.m.9 views

CVE-2025-70297

A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...

6.1CVSS5.4AI score0.00183EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/12 1:4 a.m.8 views

CVE-2025-70296

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...

5.4CVSS5.8AI score0.0023EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/11 12:0 a.m.4 views

CVE-2025-70297

A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...

5.4AI score0.00183EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-29840

Malicious code in bioql PyPI...

6.2CVSS6.6AI score0.00409EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-37571

Malicious code in bioql PyPI...

9.8CVSS5.8AI score0.01431EPSS
Exploits3References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31587

Malicious code in bioql PyPI...

9CVSS6.5AI score0.0034EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-37576

Malicious code in bioql PyPI...

9.8CVSS6.2AI score0.01106EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-29839

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00716EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/30 12:45 a.m.14 views

CVE-2025-56795

Mealie 3.0.1 and earlier is vulnerable to Stored Cross-Site Scripting XSS in the recipe creation functionality. Unsanitized user input in the "note" and "text" fields of the "/api/recipes/recipename" endpoint is rendered in the frontend without proper escaping leading to persistent XSS...

9CVSS5.5AI score0.0034EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/09/29 12:0 a.m.8 views

CVE-2025-56795

Mealie 3.0.1 and earlier is vulnerable to Stored Cross-Site Scripting XSS in the recipe creation functionality. Unsanitized user input in the "note" and "text" fields of the "/api/recipes/recipename" endpoint is rendered in the frontend without proper escaping leading to persistent XSS...

0.0034EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:18 a.m.7 views

CVE-2024-31991

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safescrapehtml function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregard it. This function, nor those that call it,...

4.1CVSS6.6AI score0.00316EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:39 a.m.12 views

CVE-2024-31993

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrapeimage function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the...

6.2CVSS6.5AI score0.00409EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:39 a.m.9 views

CVE-2024-31994

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file system in whole leading to possible disk...

6.5CVSS6.5AI score0.00278EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:38 a.m.8 views

CVE-2024-31992

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safescrapehtml function utilizes a user-controlled URL to issue a request to a remote server, however these requests are not rate-limited. While there are efforts to prevent DDoS by implementing a timeout on requests, it...

6.5CVSS6.8AI score0.00716EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:5 p.m.10 views

CVE-2022-34625

Mealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template...

7.2CVSS8.4AI score0.02186EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:5 p.m.5 views

CVE-2022-34619

A stored cross-site scripting XSS vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field...

5.4CVSS5.5AI score0.0069EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:5 p.m.3 views

CVE-2022-34613

Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file...

9.8CVSS7.8AI score0.01431EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2024/04/19 9:11 p.m.15 views

CVE-2024-31994 Mealie vulnerable to a DoS in recipe image importer (GHSL-2023-228)

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file system in whole leading to possible disk...

6.5CVSS6.3AI score0.00278EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/08/19 2:15 p.m.5 views

CVE-2022-34621

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference IDOR vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...

6.5CVSS5.9AI score0.00749EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/08/19 2:15 p.m.2 views

CVE-2022-34624

Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request...

5.9CVSS5.9AI score0.00666EPSS
Exploits0References4
Rows per page
Query Builder