Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mealie vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-34615
Mealie 1.0.0beta3 employs weak password requirements which allows malicious users to potentially gain unauthorized access to the application via brute-force attacks.
Mealie Mealie 0.5.5
Mealie Mealie 1.0.0
6.5
CVSSv3
CVE-2022-34621
Mealie 1.0.0beta3 exists to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows malicious users to modify user passwords and other attributes via modification of the user_id parameter.
Mealie Mealie 0.5.5
Mealie Mealie 1.0.0
5.3
CVSSv3
CVE-2022-34623
Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users and non-users when an invalid password message is displayed during an authentication attempt.
Mealie Mealie 0.5.5
Mealie Mealie 1.0.0
5.9
CVSSv3
CVE-2022-34624
Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing malicious users to perform a man-in-the-middle attack via a crafted GET request.
Mealie Mealie 0.5.5
Mealie Mealie 1.0.0
5.3
CVSSv3
CVE-2022-32425
The login function of Mealie v1.0.0beta-2 allows malicious users to enumerate existing usernames by timing the server's response time.
Mealie Mealie 1.0.0
9.8
CVSSv3
CVE-2022-34613
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows malicious users to execute arbitrary code via a crafted file.
Mealie Project Mealie 1.0.0
5.4
CVSSv3
CVE-2022-34618
A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field.
Mealie Project Mealie 1.0.0
5.4
CVSSv3
CVE-2022-34619
A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field.
Mealie Project Mealie 0.5.5
7.2
CVSSv3
CVE-2022-34625
Mealie1.0.0beta3 exists to contain a Server-Side Template Injection vulnerability, which allows malicious users to execute arbitrary code via a crafted Jinja2 template.
Mealie Project Mealie 1.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29758
CVE-2023-42931
unauthorized
CVE-2024-1540
unprivileged
CVE-2023-24955
CVE-2024-20259
logic flaw
CVE-2024-20333
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started