CVE-2026-40867
Horilla CVE-2026-40867 affects Horilla HRMS (version 1.5.0). A broken access control flaw in the helpdesk attachment viewer lets any authenticated user view attachments from other tickets by altering the attachment ID, exposing sensitive support files and internal documents across unrelated users...