CVE-2026-49141

WACRM vulnerability CVE-2026-49141: auth bypass in the automation engine allows an authenticated attacker to access/modify contacts of other tenants by sending a caller-controlled contact_id in a POST body, bypassing tenant ownership verification. Exploitation occurs via the service-role client t...

PT-2026-37042

Name of the Vulnerable Software and Affected Versions Gambio versions 4.0.0.0 through 4.9.2.0 Description A flaw in the password reset function allows an attacker to bypass security checks and set arbitrary passwords for any account, provided the account ID is known. Recommendations Apply the...

I

Description Improper authorization controls in the conversation sharing feature make it possible to access other user's conversations given a known conversation ID. The exploitability is limited by the fact that UUIDv4 conversation IDs are generated on the server side and are practically impossib...

The vulnerability of the software for general access to openstack-manila files, related to errors in using standard permissions, allows a perpetrator to gain unauthorized access to common files.

The vulnerability of the openstack-manila software for general access to files is related to errors in the use of standard permissions. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to common files, provided that the value of the UUID...