33 matches found
CVE-2026-43977
creationtimestamp | type | source
---|---|---
2026-05-14 12:37:19+00:00 | published-proof-of-concept | https://github.com/wger-project/wger/security/advisories/GHSA-cj9g-27ph-4cgv...
CVE-2026-43978
creationtimestamp | type | source
---|---|---
2026-05-14 12:36:41+00:00 | published-proof-of-concept | https://github.com/wger-project/wger/security/advisories/GHSA-9qpr-vc49-hqg2...
CVE-2026-43948
creationtimestamp | type | source
---|---|---
2026-04-28 08:06:13+00:00 | published-proof-of-concept | https://github.com/wger-project/wger/security/advisories/GHSA-mhc8-p3jx-84mm...
wger security vulnerability
wger is an open-source FLOSS fitness/exercise, nutrition, and weight tracking application developed using Django by the wger Project. Versions of wger 2.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the fact that the GymConfigUpdateView declared a...
CVE-2026-40353
creationtimestamp | type | source
---|---|---
2026-04-15 21:01:16+00:00 | published-proof-of-concept | https://github.com/wger-project/wger/security/advisories/GHSA-6f54-qjvm-wwq3...
CVE-2026-27839
CVE-2026-27839 affects wger up to version 2.4, where three nutritional_values endpoints fetch objects via Model.objects.get(pk=pk) instead of using a user-scoped queryset. This allows any authenticated user to read another user’s private nutrition data (caloric intake and full macro breakdown) by...
wger security vulnerability
WGER is an open-source project developed by the WGER Team, written in Django, and serves as a self-hosted FLOSS fitness/exercise, nutrition, and weight tracking application. Versions of WGER 2.4 and earlier contained security vulnerabilities, which were caused by improper handling of cache key...
wger security vulnerability
WGER is an open-source project developed by the WGER Team, written in Django, and it’s a self-hosted FLOSS fitness/exercise, nutrition, and weight tracking application. Versions of WGER 2.4 and earlier contained security vulnerabilities. These vulnerabilities were due to improper filtering of que...
EUVD-2023-0284
Malicious code in bioql PyPI...
EUVD-2023-0283
Malicious code in bioql PyPI...
EUVD-2022-7352
Malicious code in bioql PyPI...
CVE-2023-38759
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
CVE-2022-2650
Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2...
GHSA-WRW3-QMQW-4X9W wger Workout Manager Cross-Site Request Forgery vulnerability
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
wger Workout Manager Cross-Site Request Forgery vulnerability
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
CVE-2023-38758
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
Cross site scripting
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
PYSEC-2023-143
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
CVE-2023-38758
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...