CVE-2025-23212

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28...

EUVD-2022-28179

Malicious code in bioql PyPI...

EUVD-2022-28180

Malicious code in bioql PyPI...

CVE-2024-43935

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WP Delicious Delicious Recipes – WordPress Recipe Plugin allows Stored XSS.This issue affects Delicious Recipes – WordPress Recipe Plugin: from n/a through 1.6.7...

CVE-2025-30549

CVE-2025-30549 is a CSRF vulnerability in the WordPress plugin “Yummly Rich Recipes,” affecting versions from unknown up to 4.2. The entry documents a Cross-Site Request Forgery issue with a CVSS 3.1 base score of 4.3 (Medium). Exploitation would require user interaction, and the connected data d...

CVE-2025-23212 Tandoor Recipes - Local file disclosure - Users can read the content of any file on the server

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28...

PT-2025-4850

Name of the Vulnerable Software and Affected Versions: Tandoor Recipes versions prior to 1.5.24 Description: The issue is related to a Jinja2 SSTI vulnerability that allows any user to execute commands on the server, potentially with root privileges in the case of the provided Docker Compose file...

Recipes 跨站脚本漏洞

Recipes are apps for managing recipes, planning meals, creating shopping lists, and more. A cross-site scripting vulnerability exists in Recipes versions 1.0.5 through 1.2.5, which stems from a filtered escape of user data missing from the name parameter. A low-privileged attacker can exploit thi...