| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-27460 | Tandoor Recipes Affected by Denial of Service via Recipe Import | TandoorRecipes | recipes | Medium | 6.5 | 2026-04-10 19:09:06 | Deep Dive |
| CVE-2026-35489 | Tandoor Recipes — `amount`/`unit` bypass serializer in `food/{id}/shopping/` | TandoorRecipes | recipes | High | 7.3 | 2026-04-07 14:53:18 | Deep Dive |
| CVE-2026-35488 | Tandoor Recipes — CustomIsShared permits DELETE/PUT on RecipeBook by shared (read-only) users | TandoorRecipes | recipes | High | 8.1 | 2026-04-07 14:51:26 | Deep Dive |
| CVE-2026-35046 | Tandoor has a Stored CSS Injection via `<style>` Tag in Recipe Instructions (API-Level) | TandoorRecipes | recipes | Medium | 5.4 | 2026-04-06 17:20:01 | Deep Dive |
| CVE-2026-35045 | Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification | TandoorRecipes | recipes | High | 8.1 | 2026-04-06 17:17:58 | Deep Dive |
| CVE-2026-33152 | Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication | TandoorRecipes | recipes | Critical | 9.1 | 2026-03-26 19:07:39 | Deep Dive |
| CVE-2026-33153 | Tandoor Recipes's Unauthenticated Debug Parameter Leaks Full Raw SQL Queries Including Schema, Table Names, and Access Control Logic | TandoorRecipes | recipes | Medium | - | 2026-03-26 19:06:16 | Deep Dive |
| CVE-2026-33148 | URL Parameter Injection in FDC Food Search API Causes Server Crash and Exposes Internal API Key | TandoorRecipes | recipes | Medium | 6.5 | 2026-03-26 19:04:26 | Deep Dive |
| CVE-2026-29055 | Tandoor Recipes: WebP and GIF Image Uploads Bypass EXIF/Metadata Stripping, Leaking GPS Coordinates and PII | TandoorRecipes | recipes | Medium | 5.3 | 2026-03-26 19:03:07 | Deep Dive |
| CVE-2026-28503 | Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404 | TandoorRecipes | recipes | Medium | - | 2026-03-26 18:55:53 | Deep Dive |
| CVE-2026-33149 | Tandoor Recipes Vulnerable to Host Header Injection | TandoorRecipes | recipes | High | 8.1 | 2026-03-26 18:53:23 | Deep Dive |
| CVE-2026-25991 | Tandoor Recipes affected by Blind SSRF with Internal Network Access via Recipe Import | TandoorRecipes | recipes | High | 7.7 | 2026-02-13 18:29:11 | Deep Dive |
| CVE-2026-25964 | Tandoor Recipes Affected by Authenticated Local File Disclosure (LFD) via Recipe Import leads to Arbitrary File Read | TandoorRecipes | recipes | Medium | 4.9 | 2026-02-13 18:27:09 | Deep Dive |
| CVE-2025-62131 | WordPress Tasty Recipes Lite plugin <= 1.1.5 - Broken Access Control vulnerability | Strategy11 Team | Tasty Recipes Lite | Medium | 4.3 | 2025-12-31 16:04:31 | Deep Dive |
| CVE-2025-62132 | WordPress Tasty Recipes Lite plugin <= 1.1.5 - Broken Access Control vulnerability | Strategy11 Team | Tasty Recipes Lite | Medium | 4.3 | 2025-12-31 16:03:41 | Deep Dive |
| CVE-2025-11755 | Delicious Recipes <= 1.9.0 - Authenticated (Contributor+) Arbitrary File Upload | wpdelicious | WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) | High | 8.8 | 2025-11-01 06:40:39 | Deep Dive |
| CVE-2025-50011 | WordPress plugin Recipes manager - WPH <=1.0.4 - Cross Site Scripting (XSS) Vulnerability | Félix Martínez | Recipes manager - WPH | Medium | 5.9 | 2025-06-20 15:04:03 | Deep Dive |
| CVE-2025-32555 | WordPress SEO, Nutrition and Print for Recipes by Edamam plugin <= 3.3 - CSRF to Cross-Site Scripting vulnerability | Edamam | SEO, Nutrition and Print for Recipes by Edamam | High | 7.1 | 2025-04-09 16:09:38 | Deep Dive |
| CVE-2025-31759 | WordPress Boo Recipes plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability | BooSpot | Boo Recipes | Medium | 6.5 | 2025-04-01 14:51:14 | Deep Dive |
| CVE-2025-30549 | WordPress Yummly Rich Recipes plugin <= 4.2 - Cross Site Request Forgery (CSRF) vulnerability | Yummly | Yummly Rich Recipes | Medium | 4.3 | 2025-03-24 13:46:54 | Deep Dive |