
5 matches found

Vulnrichment
added 2026/04/07 2:53 p.m. | 1 view

CVE-2026-35489 Tandoor Recipes — `amount`/`unit` bypass serializer in `food/{id}/shopping/`

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

CVSS 7.3 | AI score 5.9 | EPSS 0.00224
Exploits: 1 | References: 2

ATTACKERKB
added 2026/04/07 2:53 p.m. | 7 views

CVE-2026-35489

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

CVSS 7.3 | AI score 5.9 | EPSS 0.00224
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2026/04/07 2:53 p.m. | 8 views

EUVD-2026-19674

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

CVSS 7.3 | AI score 5.9 | EPSS 0.00224
Exploits: 1 | References: 2

CVE
added 2026/04/07 2:53 p.m. | 11 views

CVE-2026-35489

Tandoor Recipes CVE-2026-35489 affects the POST /api/food/{id}/shopping/ endpoint. Before version 2.6.4, the handler reads amount and unit directly from request.data and passes them to ShoppingListEntry.objects.create() without validation, which can cause an unhandled exception (HTTP 500) for non...

CVSS 7.3 | AI score 5.9 | EPSS 0.00224
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2026/04/07 12:00 a.m. | 8 views

Tandoor Recipes Security Vulnerability

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.4 contained security vulnerabilities. These vulnerabilities stemmed from the POST /api/food/id/shopping/ endpoint directly readi...

CVSS 7.3 | AI score 5.8 | EPSS 0.00224
Exploits: 1 | References: 2