Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

TandoorRecipes — Vulnerabilities & Security Advisories 16

Browse all 16 CVE security advisories affecting TandoorRecipes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by TandoorRecipes:recipes
CVE IDTitleCVSSSeverityPublished
CVE-2026-27460 Tandoor Recipes Affected by Denial of Service via Recipe Import — recipesCWE-409 6.5 Medium2026-04-10
CVE-2026-35489 Tandoor Recipes — `amount`/`unit` bypass serializer in `food/{id}/shopping/` — recipesCWE-639 7.3 High2026-04-07
CVE-2026-35488 Tandoor Recipes — CustomIsShared permits DELETE/PUT on RecipeBook by shared (read-only) users — recipesCWE-749 8.1 High2026-04-07
CVE-2026-35046 Tandoor has a Stored CSS Injection via <style> Tag in Recipe Instructions (API-Level) — recipesCWE-79 5.4 Medium2026-04-06
CVE-2026-35045 Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification — recipesCWE-639 8.1 High2026-04-06
CVE-2026-33152 Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication — recipesCWE-307 9.1 Critical2026-03-26
CVE-2026-33153 Tandoor Recipes's Unauthenticated Debug Parameter Leaks Full Raw SQL Queries Including Schema, Table Names, and Access Control Logic — recipesCWE-89 6.5 -2026-03-26
CVE-2026-33148 URL Parameter Injection in FDC Food Search API Causes Server Crash and Exposes Internal API Key — recipesCWE-74 6.5 Medium2026-03-26
CVE-2026-29055 Tandoor Recipes: WebP and GIF Image Uploads Bypass EXIF/Metadata Stripping, Leaking GPS Coordinates and PII — recipesCWE-1230 5.3 Medium2026-03-26
CVE-2026-28503 Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404 — recipesCWE-639 6.5 -2026-03-26
CVE-2026-33149 Tandoor Recipes Vulnerable to Host Header Injection — recipesCWE-644 8.1 High2026-03-26
CVE-2026-25991 Tandoor Recipes affected by Blind SSRF with Internal Network Access via Recipe Import — recipesCWE-918 7.7 High2026-02-13
CVE-2026-25964 Tandoor Recipes Affected by Authenticated Local File Disclosure (LFD) via Recipe Import leads to Arbitrary File Read — recipesCWE-22 4.9 Medium2026-02-13
CVE-2025-23213 Tandoor Recipes - Stored XSS through Unrestricted File Upload — recipesCWE-434 8.7 High2025-01-28
CVE-2025-23212 Tandoor Recipes - Local file disclosure - Users can read the content of any file on the server — recipesCWE-200 7.7 High2025-01-28
CVE-2025-23211 Tandoor Recipes - SSTI - Remote Code Execution — recipesCWE-1336 10.0 Critical2025-01-28

This page lists every published CVE security advisory associated with TandoorRecipes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.