CVE-2026-6375 - Authorization bypass through User-Controlled key in SpiceJet Online Booking System
CVE ID :CVE-2026-6375 Published : April 23, 2026, 9:16 p.m. | 34 minutes ago Description :A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifiers follow a predictable pattern, an attacker
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface
- [CYBER] Mullvad VPN Creates iOS Master Switch to Protect Users From Data Leaks
- [CYBER] CVE-2026-29197 - Apache Apps Engine Log Information Disclosure Vulnerability
- [CYBER] CVE-2026-6732 - Libxml2: libxml2: denial of service via crafted xsd-validated document
- [CYBER] Anthropic CVP Run 3 — Does Claude's Safety Stack Scale Down to Haiku 4.5?
- [CYBER] DeFi bleeds $7B in a day after $290M exploit – Layer Zero calls it another Lazarus hit - MSN