Vulmon
mealie vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-34615
Mealie 1.0.0beta3 employs weak password requirements, which allow malicious users to potentially gain unauthorized access to the application via brute-force attacks.
Mealie Mealie 0.5.5
Mealie Mealie 1.0.0
5.9
CVSSv3
CVE-2022-34624
Mealie 1.0.0beta3 does not terminate download tokens after a user logs out, allowing malicious users to perform a man-in-the-middle attack via a crafted GET request.
Mealie Mealie 0.5.5
Mealie Mealie 1.0.0
6.5
CVSSv3
CVE-2022-34621
Mealie 1.0.0beta3 contains an Insecure Direct Object Reference (IDOR) vulnerability which allows malicious users to modify user passwords and other attributes via modification of the user_id parameter.
Mealie Mealie 0.5.5
Mealie Mealie 1.0.0
5.3
CVSSv3
CVE-2022-32425
The login function of Mealie v1.0.0beta-2 allows malicious users to enumerate existing usernames by timing the server's response time.
Mealie Mealie 1.0.0
9.8
CVSSv3
CVE-2022-34613
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows malicious users to execute arbitrary code via a crafted file.
Mealie Project Mealie 1.0.0
5.4
CVSSv3
CVE-2022-34618
A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field.
Mealie Project Mealie 1.0.0
7.2
CVSSv3
CVE-2022-34625
Mealie 1.0.0beta3 contains a Server-Side Template Injection vulnerability, which allows malicious users to execute arbitrary code via a crafted Jinja2 template.
Mealie Project Mealie 1.0.0
5.4
CVSSv3
CVE-2022-34619
A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field.
Mealie Project Mealie 0.5.5
NA
CVE-2024-31992
Mealie is a self-hosted recipe manager and meal planner. Before 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server; however, these requests are not rate-limited. While there are efforts to prevent DDoS by implementing a timeou...
NA
CVE-2024-31993
Mealie is a self-hosted recipe manager and meal planner. Before 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL; however, the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The respo...