21 matches found
CVE-2026-43977
creationtimestamp| type| source ---|---|--- 2026-05-14 12:37:19+00:00| published-proof-of-concept| https://github.com/wger-project/wger/security/advisories/GHSA-cj9g-27ph-4cgv...
CVE-2026-43978
creationtimestamp| type| source ---|---|--- 2026-05-14 12:36:41+00:00| published-proof-of-concept| https://github.com/wger-project/wger/security/advisories/GHSA-9qpr-vc49-hqg2...
wger 安全漏洞
wger is an open-source FLOSS fitness/exercise, nutrition, and weight tracking application developed using Django by the wger Project. Versions of wger 2.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the fact that the GymConfigUpdateView declared a...
CVE-2026-40353
creationtimestamp| type| source ---|---|--- 2026-04-15 21:01:16+00:00| published-proof-of-concept| https://github.com/wger-project/wger/security/advisories/GHSA-6f54-qjvm-wwq3...
CVE-2026-27839
CVE-2026-27839 affects wger up to version 2.4, where three nutritional_values endpoints fetch objects via Model.objects.get(pk=pk) instead of using a user-scoped queryset. This allows any authenticated user to read another user’s private nutrition data (caloric intake and full macro breakdown) by...
wger 安全漏洞
WGER is an open-source project developed by the WGER Team, written in Django, and serves as a self-hosted FLOSS fitness/exercise, nutrition, and weight tracking application. Versions of WGER 2.4 and earlier contained security vulnerabilities, which were caused by improper handling of cache key...
EUVD-2023-0283
Malicious code in bioql PyPI...
EUVD-2023-0284
Malicious code in bioql PyPI...
CVE-2022-2650
Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2...
GHSA-WRW3-QMQW-4X9W wger Workout Manager Cross-Site Request Forgery vulnerability
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
wger Workout Manager Cross-Site Request Forgery vulnerability
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
CVE-2023-38758
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
Cross site scripting
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
PYSEC-2023-143
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
CVE-2023-38759
CVE-2023-38759 describes a Cross-Site Request Forgery (CSRF) vulnerability in the wger Project, Workout Manager version 2.2.0a3. The issue enables a remote attacker to gain privileges via the user-management features, affecting multiple components/files (e.g., gym.py, reset_user_password.html, ov...
CVE-2023-38758
The CVE-2023-38758 entry concerns wger Workout Manager v2.2.0a3, with a Cross-Site Scripting flaw exploitable via the license_author field in the add-ingredient workflow (templates/ingredients/view.html, models/ingredients.py, views/ingredients.py). The underlying issue is a stored/ reflected XSS...
CVE-2023-38758
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
CVE-2023-38759
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
CVE-2023-38758
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...