Vulnerabilities in TandoorRecipes
16 results

| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2025-23211 | CRITICAL | Tandoor Recipes - SSTI - Remote Code Execution | 3.3% |
| CVE-2026-33152 | CRITICAL | Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication | 0.5% |
| CVE-2025-23212 | HIGH | Tandoor Recipes - Local file disclosure - Users can read the content of any file on the server | 0.5% |
| CVE-2026-33148 | MEDIUM | URL Parameter Injection in FDC Food Search API Causes Server Crash and Exposes Internal API Key | 0.5% |
| CVE-2026-33153 | HIGH | Tandoor Recipes's Unauthenticated Debug Parameter Leaks Full Raw SQL Queries Including Schema, Table Names, and Access Control Logic | 0.4% |
| CVE-2026-25964 | MEDIUM | Tandoor Recipes Affected by Authenticated Local File Disclosure (LFD) via Recipe Import leads to Arbitrary File Read | 0.4% |
| CVE-2026-35488 | HIGH | Tandoor Recipes — CustomIsShared permits DELETE/PUT on RecipeBook by shared (read-only) users | 0.4% |
| CVE-2025-23213 | HIGH | Tandoor Recipes - Stored XSS through Unrestricted File Upload | 0.3% |
| CVE-2026-29055 | MEDIUM | Tandoor Recipes: WebP and GIF Image Uploads Bypass EXIF/Metadata Stripping, Leaking GPS Coordinates and PII | 0.3% |
| CVE-2026-33149 | HIGH | Tandoor Recipes Vulnerable to Host Header Injection | 0.3% |
| CVE-2026-28503 | MEDIUM | Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404 | 0.3% |
| CVE-2026-27460 | MEDIUM | Tandoor Recipes Affected by Denial of Service via Recipe Import | 0.3% |
| CVE-2026-25991 | HIGH | Tandoor Recipes affected by Blind SSRF with Internal Network Access via Recipe Import | 0.3% |
| CVE-2026-35045 | HIGH | Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification | 0.3% |
| CVE-2026-35489 | HIGH | Tandoor Recipes — `amount`/`unit` bypass serializer in `food/{id}/shopping/` | 0.2% |
| CVE-2026-35046 | MEDIUM | Tandoor has a Stored CSS Injection via `<style>` Tag in Recipe Instructions (API-Level) | 0.2% |