| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-27460 | Tandoor Recipes Affected by Denial of Service via Recipe Import | TandoorRecipes | recipes | Medium | 6.5 | 2026-04-10 19:09:06 | Deep Dive |
| CVE-2026-35489 | Tandoor Recipes — `amount`/`unit` bypass serializer in `food/{id}/shopping/` | TandoorRecipes | recipes | High | 7.3 | 2026-04-07 14:53:18 | Deep Dive |
| CVE-2026-35488 | Tandoor Recipes — CustomIsShared permits DELETE/PUT on RecipeBook by shared (read-only) users | TandoorRecipes | recipes | High | 8.1 | 2026-04-07 14:51:26 | Deep Dive |
| CVE-2026-35046 | Tandoor has a Stored CSS Injection via `<style>` Tag in Recipe Instructions (API-Level) | TandoorRecipes | recipes | Medium | 5.4 | 2026-04-06 17:20:01 | Deep Dive |
| CVE-2026-35045 | Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification | TandoorRecipes | recipes | High | 8.1 | 2026-04-06 17:17:58 | Deep Dive |
| CVE-2026-33152 | Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication | TandoorRecipes | recipes | Critical | 9.1 | 2026-03-26 19:07:39 | Deep Dive |
| CVE-2026-33153 | Tandoor Recipes's Unauthenticated Debug Parameter Leaks Full Raw SQL Queries Including Schema, Table Names, and Access Control Logic | TandoorRecipes | recipes | Medium | - | 2026-03-26 19:06:16 | Deep Dive |
| CVE-2026-33148 | URL Parameter Injection in FDC Food Search API Causes Server Crash and Exposes Internal API Key | TandoorRecipes | recipes | Medium | 6.5 | 2026-03-26 19:04:26 | Deep Dive |
| CVE-2026-29055 | Tandoor Recipes: WebP and GIF Image Uploads Bypass EXIF/Metadata Stripping, Leaking GPS Coordinates and PII | TandoorRecipes | recipes | Medium | 5.3 | 2026-03-26 19:03:07 | Deep Dive |
| CVE-2026-28503 | Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404 | TandoorRecipes | recipes | Medium | - | 2026-03-26 18:55:53 | Deep Dive |
| CVE-2026-33149 | Tandoor Recipes Vulnerable to Host Header Injection | TandoorRecipes | recipes | High | 8.1 | 2026-03-26 18:53:23 | Deep Dive |
| CVE-2026-25991 | Tandoor Recipes affected by Blind SSRF with Internal Network Access via Recipe Import | TandoorRecipes | recipes | High | 7.7 | 2026-02-13 18:29:11 | Deep Dive |
| CVE-2026-25964 | Tandoor Recipes Affected by Authenticated Local File Disclosure (LFD) via Recipe Import leads to Arbitrary File Read | TandoorRecipes | recipes | Medium | 4.9 | 2026-02-13 18:27:09 | Deep Dive |
| CVE-2025-23213 | Tandoor Recipes - Stored XSS through Unrestricted File Upload | TandoorRecipes | recipes | High | 8.7 | 2025-01-28 15:31:20 | Deep Dive |
| CVE-2025-23212 | Tandoor Recipes - Local file disclosure - Users can read the content of any file on the server | TandoorRecipes | recipes | High | 7.7 | 2025-01-28 15:29:08 | Deep Dive |
| CVE-2025-23211 | Tandoor Recipes - SSTI - Remote Code Execution | TandoorRecipes | recipes | Critical | 9.9 | 2025-01-28 15:24:27 | Deep Dive |