Skip to main content
2026-07-15

2026-07-16

CVE-2026-12907 LOW POC PATCH Monitor

The RTMKit WordPress plugin before 2.0.9 does not perform a proper capability check on one of its -builder AJAX actions, allowing users with at least the Author role to create and activate a site-wide template that overrides the header, footer or other global areas displayed to all visitors, which is normally restricted to administrators.

WordPress Rtmkit Authentication Bypass
NVD WPScan
CVSS 3.1
2.7
EPSS
0.1%
CVE-2026-12906 LOW POC PATCH Monitor

The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed posts.

WordPress Rtmkit Authentication Bypass
NVD WPScan
CVSS 3.1
2.7
EPSS
0.1%
CVE-2026-47086 LOW Monitor

Unauthorized mailbox access in Cyrus IMAP through 3.12.2 allows any authenticated user to read email from mailboxes they have no ACL permissions on by exploiting the GENURLAUTH command's failure to enforce access controls before issuing URLAUTH tokens. The authorization boundary between mailboxes is effectively eliminated for any user who can name a target mailbox, undermining the server's entire multi-user isolation model. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the impact is materially more significant in multi-tenant or shared-server environments than the CVSS score of 3.5 suggests.

Authentication Bypass Cyrus Imap
NVD
CVSS 3.1
3.5
CVE-2026-47087 LOW Monitor

Cyrus IMAP through version 3.12.2 fails to invalidate URLAUTH-minted URLs when the authorizer's access is subsequently revoked, allowing continued unauthorized access to delegated mailbox content. The flaw (CWE-672: Operation on Resource after Expiration or Release) affects the URLAUTH extension defined in RFC 4467, which is designed to let users grant third-party access to mailbox data without sharing credentials. No public exploit code exists and this vulnerability is not listed in CISA KEV; real-world risk is highest in environments with active IMAP delegation workflows where access revocation is security-critical, such as departing employee scenarios.

Information Disclosure Cyrus Imap
NVD
CVSS 3.1
3.5
CVE-2026-35145 LOW Monitor

Missing HSTS header in HCL DFXAnalytics exposes authenticated sessions to protocol downgrade and man-in-the-middle attacks by network-positioned adversaries. All versions per the CPE wildcard are affected, and the application fails to include the Strict-Transport-Security response header, leaving browsers without enforcement of HTTPS-only communication. No active exploitation has been identified (not in CISA KEV) and no public exploit code is known, consistent with the low CVSS score of 3.1.

Information Disclosure Dfxanalytics
NVD VulDB
CVSS 3.1
3.1
CVE-2026-47088 LOW Monitor

Heap over-read in Cyrus IMAP through version 3.12.2 enables authenticated IMAP users to leak server heap memory by submitting a crafted email containing an RFC 822 MIME comment whose final character is a backslash. During message parsing, the server reads past the end of the message buffer into adjacent heap memory and returns the exposed content to the requesting user, resulting in partial, non-deterministic heap disclosure. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; a fix is referenced in the Cyrus IMAP 3.12.3 release notes.

Buffer Overflow Cyrus Imap
NVD
CVSS 3.1
3.1
CVE-2026-47081 LOW Monitor

Cyrus IMAP through version 3.12.2 contains an authorization flaw in its XAPPLEPUSHSERVICE (XAPS) command that lets authenticated IMAP users enumerate arbitrary mailboxes belonging to other accounts and redirect Apple Push Notification Service alerts about those mailboxes to their own device. The flaw (CWE-863, Incorrect Authorization) does not expose message content - only whether a target mailbox exists and when its modification sequence (modseq) changes - but it enables cross-account probing and unauthorized push subscription in multi-tenant IMAP deployments. No public exploit code has been identified and this vulnerability is not listed in CISA KEV; the low CVSS score of 3.1 is consistent with the limited confidentiality impact and mandatory authentication requirement.

Apple Authentication Bypass Oracle Cyrus Imap
NVD
CVSS 3.1
3.1
CVE-2026-35143 LOW Monitor

Cross-Site Request Forgery exposure in HCL DFXAnalytics arises because session cookies generated during authentication are issued without the SameSite attribute, allowing browsers to attach them to cross-origin requests. An attacker who can lure an authenticated victim to a malicious page may issue forged state-changing requests that the server honors under the victim's identity, provided the application also lacks Anti-CSRF token validation - a condition the CVE description explicitly names as the decisive amplifying factor. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog; real-world risk is further constrained by modern browser defaults (Chrome 80+ and Firefox apply SameSite=Lax by default), high attack complexity, and the required user interaction.

CSRF Information Disclosure Dfxanalytics
NVD VulDB
CVSS 3.1
3.0
CVE-2026-35140 LOW Monitor

HCL DFXAnalytics fails to set the 'secure' attribute on session cookies generated during authentication, enabling a network-positioned attacker to capture session tokens transmitted in cleartext over unencrypted HTTP channels. Authenticated sessions are at risk when traffic traverses a path the attacker can observe, such as shared networks or HTTP downgrade scenarios. No public exploit code has been identified at time of analysis, and CISA has not listed this in the Known Exploited Vulnerabilities catalog.

Information Disclosure Dfxanalytics
NVD VulDB
CVSS 3.1
3.0
CVE-2026-35142 LOW Monitor

Internal IP address exposure in HCL DFXAnalytics allows remote attackers who have obtained high-privilege authenticated access to harvest internal network topology details from generated server responses. The application embeds private IP addresses directly in its output, violating the CWE-200 information boundary and enabling attackers to map internal infrastructure for follow-on targeted attacks. No public exploit code exists and no active exploitation has been confirmed; the CVSS score of 2.6 reflects the significant access prerequisites that substantially limit real-world risk.

Information Disclosure Dfxanalytics
NVD VulDB
CVSS 3.1
2.6
CVE-2026-35141 LOW Monitor

Login replay vulnerability in HCL DFXAnalytics enables a remote attacker in a man-in-the-middle network position to capture and retransmit valid authentication messages, gaining unauthorized access as a legitimate user. The application lacks message-freshness enforcement - no timestamps or nonce mechanisms are applied to bound the validity window of authentication data, a design gap classified under CWE-294. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; the combination of high attack complexity and mandatory user interaction substantially limits realistic exploitation scope.

Authentication Bypass Dfxanalytics
NVD VulDB
CVSS 3.1
2.6

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy