JLSEC-2026-464 Mbed TLS might use cloned PSA random generator states

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

Fedora 43 : mbedtls (2026-8c332fbf00)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-8c332fbf00 advisory. Update to 3.6.6 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

Fedora 42 : mbedtls (2026-10443c65e3)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-10443c65e3 advisory. Update to 3.6.6 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

Fedora 45 : micropython (2026-d619d8d077)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d619d8d077 advisory. Automatic update for micropython-1.28.0-1.fc45. Changelog Mon Apr 6 2026 Lumr Balhar - 1.28.0-1 - Update to 1.28.0 - Security fix for CVE-2026-1998 ...

libeverest-3.6.6-1.1 on GA media (moderate)

libeverest-3.6.6-1.1 on GA media Announcement ID: openSUSE-SU-2026:10498-1 Rating: moderate Cross-References: CVE-2026-25833 CVE-2026-25834 CVE-2026-25835 CVE-2026-34871 CVE-2026-34872 CVE-2026-34873 CVE-2026-34874 CVE-2026-34875 CVE-2026-34876 CVE-2026-34877 CVSS scores: CVE-2026-25833 SUSE : 7....

Linux Distros Unpatched Vulnerability : CVE-2026-25835

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG. CVE-2026-25835 Note that Nessus relies on the presen...

CVE-2026-34876

An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...

EUVD-2026-18001

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator PRNG...

UBUNTU-CVE-2026-25835

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

CVE-2026-25833

Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509inetptonipv6 function...

CVE-2026-34871

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator PRNG...

CVE-2026-25833

Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509inetptonipv6 function...

PT-2026-29584

Name of the Vulnerable Software and Affected Versions Mbed TLS versions 3.5.0 through 3.6.5 Description A buffer overflow exists in the x509 inet pton ipv6 function. This issue was addressed in versions 3.6.6 and 4.1.0. Recommendations Update to version 3.6.6 or 4.1.0...

CVE-2026-31894

WeGIA is a web manager for charitable institutions. In 3.6.5, The patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and filegetcontents to read SQL files from the extracted contents. Neither the extraction nor the file reading...

CVE-2026-31896

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The removerprodutoocultar.php script uses extract$REQUEST to populate local variables and then directly concatenates these variables into a SQL query...

CVE-2026-33136 WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...

EUVD-2026-13682

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...

CVE-2026-33136 WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...

CVE-2026-33136

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...

CVE-2026-33136

WeGIA Web Manager (versions ≤ 3.6.6) contains a Reflected XSS in listar_memorandos_ativos.php via the sccd parameter, where $_GET['sccd'] is echoed into the HTML without sanitization. This is triggered when $_GET['msg'] equals 'success' and results in an HTML alert containing the attacker-supplie...