Lucene search

4 matches found

Vulnrichment
added 2026/04/07 2:53 p.m. | 1 view

CVE-2026-35489 Tandoor Recipes — `amount`/`unit` bypass serializer in `food/{id}/shopping/`

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/{id}/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

CVSS 7.3 | AI score 5.9 | EPSS 0.00199
Exploits: 1 | References: 2
CVE
added 2026/04/07 2:53 p.m. | 4 views

CVE-2026-35489

Tandoor Recipes CVE-2026-35489 affects the POST /api/food/{id}/shopping/ endpoint. Before version 2.6.4, the handler reads amount and unit directly from request.data and passes them to ShoppingListEntry.objects.create() without validation, which can cause an unhandled exception (HTTP 500) for non...

CVSS 7.3 | AI score 5.9 | EPSS 0.00199
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2026/03/02 12:0 a.m. | 1 view

CGM CLININET SQL injection vulnerability

CGM CLININET is a hospital information management system developed by the German company CGM. CGM CLININET has a SQL injection vulnerability in the validateOrgUnit function within the CheckUnitCodeAndKey.pl service...

CVSS 6.9 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 3
OSV
added 2024/06/08 1:15 p.m. | 2 views

AZL-43354 CVE-2024-36968 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to validate MTU and...

CVSS 6.5 | AI score 6.3 | EPSS 0.00018
Exploits: 0 | References: 1