Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-6375

A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records PNRs without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...

8.7CVSS5.5AI score0.00311EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/23 9:31 p.m.9 views

EUVD-2026-25299

A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records PNRs without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...

8.7CVSS5.8AI score0.00311EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/23 8:7 p.m.38 views

CVE-2026-6375 Authorization bypass through User-Controlled key in SpiceJet Online Booking System

A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records PNRs without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...

8.7CVSS0.00311EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 8:7 p.m.5 views

CVE-2026-6375

A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records PNRs without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...

8.7CVSS5.8AI score0.00311EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/23 8:7 p.m.6 views

CVE-2026-6375 Authorization bypass through User-Controlled key in SpiceJet Online Booking System

A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records PNRs without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...

8.7CVSS5.2AI score0.00311EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.5 views

PT-2026-34749

Name of the Vulnerable Software and Affected Versions SpiceJet booking API affected versions not specified Description A flaw in the booking API allows unauthenticated users to query passenger name records PNRs due to a lack of access controls. Since PNR identifiers follow a predictable pattern, ...

8.7CVSS5.8AI score0.00311EPSS
Exploits0References3
Rows per page
Query Builder