7 matches found

RedhatCVE
added 2026/06/05 7:23 p.m., 8 views

CVE-2026-43948

wger is a free, open-source workout and fitness manager. Prior to 2.6, the resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker...

CVSS 9.9, AI score 5.5, EPSS 0.00013
Exploits 0, References 1

NVD
added 2026/05/12 10:16 p.m., 7 views

CVE-2026-43948

wger is a free, open-source workout and fitness manager. Prior to 2.6, the resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker...

CVSS 9.9, EPSS 0.00013
Exploits 0, References 1

Cvelist
added 2026/05/12 8:47 p.m., 31 views

CVE-2026-43948 wger: cross-tenant password reset and plaintext disclosure via gym=None bypass

wger is a free, open-source workout and fitness manager. Prior to 2.6, the resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker...

CVSS 9.9, EPSS 0.00013
Exploits 0, References 1

OSV
added 2026/04/16 1:37 a.m., 2 views

GHSA-6F54-QJVM-WWQ3 wger has Stored XSS via Unescaped License Attribution Fields

Stored XSS via Unescaped License Attribution Fields Summary The AbstractLicenseModel.attributionlink property in wger/utils/models.py constructs HTML strings by directly interpolating user-controlled fields licenseauthor, licensetitle, licenseobjecturl, licenseauthorurl, licensederivativesourceur...

CVSS 5.4, AI score 6, EPSS 0.00014
Exploits 1, References 4

RedhatCVE
added 2026/02/28 1:55 a.m., 3 views

CVE-2026-27839

wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three nutritionalvalues action endpoints fetch objects via Model.objects.get(pk=pk) — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition...

CVSS 4.3, AI score 6, EPSS 0.0004
Exploits 1, References 1

NVD
added 2026/02/26 11:16 p.m., 3 views

CVE-2026-27838

wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling self.get_object(). In versions up to and including 2.4, cache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API...

CVSS 3.5, EPSS 0.00036
Exploits 1, References 2

ATTACKERKB
added 2026/02/26 10:04 p.m., 2 views

CVE-2026-27838

wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling self.get_object(). In versions up to and including 2.4, cache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API...

CVSS 3.5, AI score 5.7, EPSS 0.00036
Exploits 1, References 3, Affected Software 1