EUVD-2026-25300

A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...

CVE-2026-6376

CVE-2026-6376 affects SpiceJet’s public booking retrieval page where an unauthenticated user can obtain full passenger booking details using only a PNR and last name due to improper access control on a sensitive data retrieval function. The NVD/CVELIST entries describe a network-accessible exposu...

EUVD-2025-25415

Malicious code in bioql PyPI...

UK Rail Operator LNER Confirms Cyber Attack Exposing Passenger Data

LNER cyber attack exposes passenger contact details and journey data. No financial information or passwords were taken, but…...

CVE-2025-9299

A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the argument Time leads to stack-based buffer overflow. The attack may be initiated remotely...

CVE-2025-9299 Tenda M3 getMasterPassengerAnalyseData formGetMasterPassengerAnalyseData stack-based overflow

A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the argument Time leads to stack-based buffer overflow. The attack may be initiated remotely...

Airlines Secretly Selling Passenger Data to the Government

This is news: A data broker owned by the country's major airlines, including Delta, American Airlines, and United, collected U.S. travellers' domestic flight records, sold access to them to Customs and Border Protection CBP, and then as part of the contract told CBP to not reveal where the data...

Airlines Don’t Want You to Know They Sold Your Flight Data to DHS

A contract obtained by 404 Media shows that an airline-owned data broker forbids the feds from revealing it sold them detailed passenger data...

Anonymous Hackers Steal Flight Data from US Deportation Airline GlobalX

A hacker group claiming affiliation with Anonymous says it breached GlobalX Airlines, leaking sensitive flight and passenger data…...

Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers

India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System PSS provider SITA fell victim to a cyber attack earlier this year. The breach involves personal data registered...

Sprawling Cyberattack Breaches Several Airlines

A communications and IT vendor for 90 percent of the world’s airlines, SITA, has been breached, compromising passenger data stored on the company’s U.S. servers in what the company is calling a “highly sophisticated attack.” The affected servers are in Atlanta, and belong to the SITA Passenger...

British Airways E-Ticketing Flaw Exposes Passenger Flight, Personal Data

A security bug discovered in British Airways’ e-ticketing system has the potential to expose passengers’ data, including their flight booking details and personal information. Researchers on Tuesday said that check-in links being sent by British Airways to their passengers via email are unencrypt...

Panasonic, IOActive Clash on Vulnerability Report

Panasonic Avionics has pushed back against research released Tuesday by IOActive suggesting that in-flight entertainment system firmware used by more than a dozen airlines contains vulnerabilities that allow a local attacker to manipulate data displayed to passengers, or put their personal data a...

In-Flight Entertainment System Flaws Put Passenger Data at Risk

A simple tap on an in-flight entertainment system touchscreen kicked off an intellectual exercise that resulted in the discovery of a number of firmware vulnerabilities in embedded systems used by at least 13 airlines. The vulnerabilities in the Panasonic Avionics IFE firmware could allow a local...

Hacker Demonstrates How Easy In-flight Entertainment System Can Be Hacked

Next time when you hear an announcement in the flight, “Ladies and gentlemen, this is your captain speaking…," the chances are that the announcement is coming from a hacker controlling your flight. Dangerous vulnerabilities in an in-flight entertainment system used by the leading airlines,...