Package impact
PyPI / wger
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-43948 | critical | 9.9 | 9.9 | 16d ago | wger: cross-tenant password reset and plaintext disclosure via gym=None bypass | |||
| CVE-2026-43978 | high | — | 8.0 | 14d ago | wger: Privilege escalation via trainer-login session chaining allows gym trainer to impersonate gym manager | |||
| CVE-2026-43977 | high | — | 8.0 | 14d ago | wger Vulnerable to IDOR: Authenticated Users Can Read Any User's Private Workout Session Data via Template Routine API |