CVE-2026-44237 FreePBX: Authenticated Access can lead to Subsequent OAuth2 Authentication Bypass in API Module

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...

CVE-2026-44239

Affected software : FreePBX Dashboard module (Dashboard getcontent AJAX handler). Vulnerability : Prior to 16.0.22 and 17.0.5, the handler includes PHP files based on unsanitized user input, concatenating $_REQUEST['rawname'] into an include() call with a .class.php suffix. This enables path trav...

EUVD-2026-33297

FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $REQUEST'rawname' parameter is concatenated into an include call with a .class.php suffix, allowing path...

CVE-2026-49317

The CVE CVE-2026-49317 affects the Infotainment Digital Round on the Indian Scout Bobber + Tech 2025 model year. The vulnerability arises when the boot window relies on Wireless Control Module (WCM) traffic as a proxy for immobilizer presence. If no WCM messages are observed (e.g., by silencing W...

CVE-2026-49317 Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

EUVD-2026-33296

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

CVE-2026-49317

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

CVE-2026-49317 Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

CVE-2026-49316

The CVE-2026-49316 entry describes an in-vehicle CAN bus‑level fault: an adjacent-network attacker can force the Wireless Control Module (WCM) into bus‑off via a CAN error‑frame‑injection technique against periodic WCM transmissions. This drives the WCM CAN controller’s transmit error counter pas...

CVE-2026-49316

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

CVE-2026-49316 Indian Scout Bobber 2025 WCM CAN bus-off attack silently bypasses anti-theft shutdown

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

EUVD-2026-33293

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

CVE-2026-49325 Indian Scout Bobber 2025 WCM voltage-based shutdown

Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module WCM wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via...

EUVD-2026-33292

Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module WCM wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via...

CVE-2026-49325

Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module WCM wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via...

CVE-2026-49325 Indian Scout Bobber 2025 WCM voltage-based shutdown

Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module WCM wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via...

CVE-2026-49324

Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...

CVE-2026-49324

The CVE-2026-49324 affects the Wireless Control Module (WCM) in the Indian Motorcycle Scout Bobber + Tech 2025 model year. The root cause is an exploitable brute‑force lockout that is reachable via any unauthenticated in‑vehicle network message, with no session binding and no reset on power cycle...

CVE-2026-49324 Indian Scout Bobber 2025 WCM brute-force

Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...

CVE-2026-49324 Indian Scout Bobber 2025 WCM brute-force

Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...