14 matches found
EUVD-2026-25299
A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...
EUVD-2026-25300
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...
CVE-2026-6376
CVE-2026-6376 affects SpiceJet’s public booking retrieval page where an unauthenticated user can obtain full passenger booking details using only a PNR and last name due to improper access control on a sensitive data retrieval function. The NVD/CVELIST entries describe a network-accessible exposu...
CVE-2026-6376
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...
CVE-2026-6376 Missing authentication for critical function in SpiceJet Online Booking System
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...
CVE-2026-6376 Missing authentication for critical function in SpiceJet Online Booking System
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...
CVE-2026-6375 Authorization bypass through User-Controlled key in SpiceJet Online Booking System
A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...
CVE-2026-6375
CVE-2026-6375 affects SpiceJet’s booking API, where unauthenticated users can enumerate PNRs and retrieve passenger names due to missing authorization checks on an endpoint intended for authenticated profile access. The entry notes a predictable PNR identifier pattern enabling systematic enumerat...
CVE-2026-6375 Authorization bypass through User-Controlled key in SpiceJet Online Booking System
A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...
CVE-2026-6375
A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...
SpiceJet Online Booking System
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all...
SpiceJet Online Booking System access control error vulnerability
The SpiceJet Online Booking System is an online ticketing system provided by the Indian company SpiceJet. It supports flight search, booking, and order management. The SpiceJet Online Booking System has a security vulnerability related to access control. This vulnerability stems from improper...
SpiceJet Online Booking System security vulnerability
The SpiceJet Online Booking System is an online ticketing system provided by the Indian company SpiceJet. It supports flight inquiries, bookings, and order management. The SpiceJet Online Booking System has a security vulnerability, which stems from the lack of authorization checks. This...
PT-2026-34749
A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...