368 matches found
CVE-2026-6375
A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records PNRs without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...
CVE-2026-6376
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...
Malicious code in @datatrain/passenger-v3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ff70d96169a200be30c83b3e37506f7abf2f377ed1d6dec8005269d98b58104 The package @datatrain/passenger-v3 was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3802 Malicious code in @datatrain/passenger-v3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ff70d96169a200be30c83b3e37506f7abf2f377ed1d6dec8005269d98b58104 The package @datatrain/passenger-v3 was found to contain malicious code. Source: ossf-package-analysis...
RHCOS 1 : rubygem-passenger (RHSA-2013:1136)
The remote Red Hat Enterprise Linux CoreOS 1 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1136 advisory. - rubygem-passenger: incorrect temporary file usage CVE-2013-2119 - rubygem-passenger: insecure temporary directory usage due to reu...
EUVD-2026-25300
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...
EUVD-2026-25299
A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records PNRs without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...
CVE-2026-6375
A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records PNRs without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...
CVE-2026-6376
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...
CVE-2026-6376 Missing authentication for critical function in SpiceJet Online Booking System
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...
CVE-2026-6376
CVE-2026-6376 affects SpiceJet’s public booking retrieval page where an unauthenticated user can obtain full passenger booking details using only a PNR and last name due to improper access control on a sensitive data retrieval function. The NVD/CVELIST entries describe a network-accessible exposu...
CVE-2026-6375
A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records PNRs without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...
CVE-2026-6375
CVE-2026-6375 affects SpiceJet’s booking API, where unauthenticated users can enumerate PNRs and retrieve passenger names due to missing authorization checks on an endpoint intended for authenticated profile access. The entry notes a predictable PNR identifier pattern enabling systematic enumerat...
CVE-2026-6375 Authorization bypass through User-Controlled key in SpiceJet Online Booking System
A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records PNRs without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...
CVE-2026-6375 Authorization bypass through User-Controlled key in SpiceJet Online Booking System
A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records PNRs without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...
PT-2026-34749
Name of the Vulnerable Software and Affected Versions SpiceJet booking API affected versions not specified Description A flaw in the booking API allows unauthenticated users to query passenger name records PNRs due to a lack of access controls. Since PNR identifiers follow a predictable pattern, ...
SpiceJet Online Booking System 访问控制错误漏洞
The SpiceJet Online Booking System is an online ticketing system provided by the Indian company SpiceJet. It supports flight search, booking, and order management. The SpiceJet Online Booking System has a security vulnerability related to access control. This vulnerability stems from improper...
SpiceJet Online Booking System 安全漏洞
The SpiceJet Online Booking System is an online ticketing system provided by the Indian company SpiceJet. It supports flight inquiries, bookings, and order management. The SpiceJet Online Booking System has a security vulnerability, which stems from the lack of authorization checks. This...
PT-2026-34750
Name of the Vulnerable Software and Affected Versions SpiceJet public booking retrieval page affected versions not specified Description Improper access control on a sensitive data retrieval function in the public booking retrieval page allows unauthenticated users to access full passenger bookin...
EUVD-2018-0392
Malware in sbrugna...