Vulnerabilities in wger-project
7 results

CVE-2022-2650 | HIGH | Improper Restriction of Excessive Authentication Attempts in wger-project/wger | EPSS 0.7%
CVE-2026-43948 | CRITICAL | wger: cross-tenant password reset and plaintext disclosure via gym=None bypass | EPSS 0.4%
CVE-2026-40474 | HIGH | wger has Broken Access Control in the Global Gym Configuration Update Endpoint | EPSS 0.3%
CVE-2026-27839 | MEDIUM | wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup | EPSS 0.3%
CVE-2026-27835 | MEDIUM | wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data | EPSS 0.3%
CVE-2026-27838 | LOW | wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data | EPSS 0.2%
CVE-2026-40353 | MEDIUM | wger: Stored XSS via Unescaped License Attribution Fields | EPSS 0.2%