Lucene search
K

470 matches found

Nuclei
Nuclei
added yesterday13 views

Tandoor Recipes < 1.5.24 - Jinja2 SSTI RCE

Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows command execution via recipe steps. id: CVE-2025-23211 info: name: Tandoor Recipes 1.5.24 - Jinja2 SSTI RCE author: sammiee5311 severity: critical description: | Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows...

9.9CVSS6.2AI score0.03464EPSS
Exploits1References4
NVD
NVD
added 2026/06/26 3:16 p.m.9 views

CVE-2026-57663

Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes = 8.2.7 versions...

8.5CVSS0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.9 views

EUVD-2026-39668

Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes = 8.2.7 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.36 views

CVE-2026-57663 WordPress Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.2.7 - SQL Injection vulnerability

Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes = 8.2.7 versions...

8.5CVSS0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.7 views

CVE-2026-57663

Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes = 8.2.7 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 2:53 p.m.19 views

CVE-2026-57663

CVE-2026-57663 describes a SQL Injection vulnerability in the WordPress plugin Zip Recipes (Recipe Maker For Your Food Blog) versions

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:26 p.m.287 views

WordPress Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.2.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by ParkHyunWoo in WordPress Plugin Recipe Maker For Your Food Blog from Zip Recipes versions = 8.2.7...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52833

Name of the Vulnerable Software and Affected Versions Recipe Maker For Your Food Blog from Zip Recipes versions prior to 8.2.8 Description A SQL Injection issue exists that allows exploitation at the contributor level. SQL Injection is a technique where an attacker inserts malicious SQL code into...

8.5CVSS5.9AI score0.00211EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 5:16 p.m.13 views

CVE-2017-20278

Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the...

8.8CVSS0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 4:44 p.m.8 views

EUVD-2017-19005

Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:44 p.m.9 views

CVE-2017-20278

Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the...

8.8CVSS6AI score0.00237EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50959

Name of the Vulnerable Software and Affected Versions JoomRecipe version 1.0.3 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. This is achieved by sending GET requests to the 'all-recipes' endpoint...

8.8CVSS6AI score0.00237EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.14 views

CVE-2026-35489

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

7.3CVSS5.5AI score0.00224EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/05/30 12:0 a.m.24 views

NICE: A Framework for Declarative and Machine-Checkable Vulnerability Reproduction

Reproducing software vulnerabilities is fundamental to security researchers, open-source maintainers, and educators. Yet, vulnerabilities remain hard to reproduce today, and even when they can be reproduced, recreating a software environment where the vulnerability can be exploited becomes harder...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/25 12:0 a.m.26 views

FuzzPilot: Plateau-Triggered Recipe Validation for Structured Text Fuzzing

FuzzPilot is a controller for AFL++ that moves expensive reasoning out of the mutation hot path. When coverage plateaus, it snapshots the corpus, prepares candidate mutation recipes, evaluates them in short isolated AFL++ micro-campaigns, and promotes only recipes with positive validation reward...

5.8AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2026/05/11 12:0 a.m.11 views

Spring Office Hours Podcast: S5E15 - Upgrading Spring and OSS Security

Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this episode, Dan and DaShaun tackle two challenges every Spring developer faces: keeping applications up to date and staying ahead of security vulnerabilities in open source dependencies. They explore how AI...

5.8AI score
Exploits0
CVE
CVE
added 2026/05/08 1:25 p.m.17 views

CVE-2026-44334

PraisionAI contains an unauthenticated RCE path in templates/tool_override.py that was not gated after CVE-2026-40287 was fixed. From 4.5.139 up to 4.6.32, tools.py auto-imports were guarded in tool_resolver.py and api/call.py by PRAISONAI_ALLOW_LOCAL_TOOLS, but an additional import sink in prais...

8.4CVSS5.9AI score0.00246EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.8 views

PraisonAI 代码注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI from 4.5.139 to 4.6.32 had a code injection vulnerability. This vulnerability stemmed from insufficient protection for automatic tool imports in the tooloverride.py script, allowing...

8.4CVSS6.4AI score0.00246EPSS
Exploits2References1
OSV
OSV
added 2026/05/06 10:8 p.m.6 views

GHSA-XCMW-GRXF-WJHJ PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)

TL;DR CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is...

8.4CVSS5.9AI score0.00246EPSS
Exploits2References4
NVD
NVD
added 2026/04/10 7:16 p.m.6 views

CVE-2026-27460

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service DoS vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

6.5CVSS0.00298EPSS
Exploits1References1
Rows per page
Query Builder