mealie vulnerabilities and exploits
NA
CVE-2022-34615
Mealie 1.0.0beta3 employs weak password requirements which allows malicious users to potentially gain unauthorized access to the application via brute-force attacks.
Mealie Mealie 0.5.5
Mealie Mealie 1.0.0
NA
CVE-2022-34621
Mealie 1.0.0beta3 contains an Insecure Direct Object Reference (IDOR) vulnerability which allows malicious users to modify user passwords and other attributes via modification of the user_id parameter.
Mealie Mealie 0.5.5
Mealie Mealie 1.0.0
NA
CVE-2022-34624
Mealie 1.0.0beta3 does not terminate download tokens after a user logs out, allowing malicious users to perform a man-in-the-middle attack via a crafted GET request.
Mealie Mealie 0.5.5
Mealie Mealie 1.0.0
NA
CVE-2022-32425
The login function of Mealie v1.0.0beta-2 allows malicious users to enumerate existing usernames by timing the server's response time.
Mealie Mealie 1.0.0
NA
CVE-2022-34613
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows malicious users to execute arbitrary code via a crafted file.
Mealie Project Mealie 1.0.0
NA
CVE-2022-34618
A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field.
Mealie Project Mealie 1.0.0
NA
CVE-2022-34625
Mealie 1.0.0beta3 contains a Server-Side Template Injection vulnerability, which allows malicious users to execute arbitrary code via a crafted Jinja2 template.
Mealie Project Mealie 1.0.0
NA
CVE-2022-34619
A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field.
Mealie Project Mealie 0.5.5
NA
CVE-2024-31992
Mealie is a self-hosted recipe manager and meal planner. Before 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server; however, these requests are not rate-limited. While there are efforts to prevent DDoS by implementing a timeou...
NA
CVE-2024-31993
Mealie is a self-hosted recipe manager and meal planner. Before 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL; however, the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The respo...