CVE-2026-1223 BROWAN COMMUNICATIONS ｜PrismX MX100 AP controller - Insufficiently Protected Credentials

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...

CVE-2026-1223

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...

[SECURITY] Fedora 43 Update: exim-4.99.1-1.fc43

Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

MiracleLinux 4 : thunderbird-78.9.1-1.0.1.AXS4 (AXSA:2021-1692:07)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1692:07 advisory. Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key CVE-2021-23991 Mozilla: A crafted OpenPGP key wit...

MiracleLinux 4 : thunderbird-78.12.0-2.0.1.AXS4 (AXSA:2021-2270:11)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2270:11 advisory. Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed CVE-2021-29969 Mozilla: Use-after-free in accessibility features ...

PT-2026-3543

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...

MiracleLinux 8 : thunderbird-102.10.0-2.el8.ML.1 (AXSA:2023-5300:14)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5300:14 advisory. Thunderbird: Revocation status of S/Mime recipient certificates was not checked CVE-2023-0547 Mozilla: Matrix SDK bundled with Thunderbird vulnerabl...

WordPress Quick Contact Form plugin <= 8.2.6 - Unauthenticated Open Mail Relay vulnerability

Unauthenticated Open Mail Relay vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Quick Contact Form versions = 8.2.6...

CVE-2026-23829

CVE-2026-23829 — Mailpit SMTP header injection via regex bypass. Mailpit’s SMTP server (prior to v1.28.3) fails to properly filter control characters in RCPT TO/MAIL FROM addresses due to a regex with an incomplete character class, allowing CR/LF bypass and header injection. The flaw stems from G...

CVE-2025-12718

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...

CVE-2025-12718

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...

CVE-2025-12718

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...

EUVD-2026-3160

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...

CVE-2025-12718

CVE-2025-12718 pertains to the Quick Contact Form plugin for WordPress. A vulnerability in the qcf_validate_form AJAX endpoint permits a user-controlled parameter to set the from address, enabling unauthenticated attackers to relay mail through the server to arbitrary recipients (Open Mail Relay)...

CVE-2025-12718 Quick Contact Form <= 8.2.6 - Unauthenticated Open Mail Relay

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...

CVE-2025-12718 Quick Contact Form <= 8.2.6 - Unauthenticated Open Mail Relay

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...

PT-2026-3337

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcf validate form' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers...

WordPress WP Mail plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin WP Mail versions = 1.3...

MiracleLinux 7 : mutt-1.5.21-28.el7 (AXSA:2018-3300:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3300:01 advisory. mutt: Remote code injection vulnerability to an IMAP mailbox CVE-2018-14354 mutt: Remote Code Execution via backquote characters CVE-2018-14357 mutt...

MiracleLinux 4 : dovecot-2.0.9-22.AXS4.1 (AXSA:2019-4315:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4315:01 advisory. dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes CVE-2019-11500 Tenable has extracted the precedin...