31 matches found
CVE-2026-42758
CVE-2026-42758 is a privilege-escalation vulnerability in the WordPress WebinarIgnition plugin (Saleswonder Team: Tobias WebinarIgnition). The issue is described as Incorrect Privilege Assignment and affects WebinarIgnition versions before 4.08.253. The vulnerability is categorized with a high/cr...
Amazon Linux 2 : kernel, --advisory ALAS2-2026-3289 (ALAS-2026-3289)
The version of kernel installed on the remote host is prior to 4.14.355-281.727. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3289 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD...
CVE-2026-41676
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive set len = buf.len() and pass it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...
Microsoft Edge (Chromium) < 146.0.3856.97 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 146.0.3856.97. It is, therefore, affected by multiple vulnerabilities as referenced in the April 2, 2026 advisory. - Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to...
Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-055 (ALASFIREFOX-2026-055)
The version of firefox installed on the remote host is prior to 140.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-055 advisory. A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XM...
OpenSSL 3.5.0 < 3.5.6 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.5.6 advisory. - Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group...
Mozilla Thunderbird < 140.7.2
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.7.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2026-11 advisory. - Heap buffer overflow in libvpx. This vulnerability affects Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR...
CVE-2025-71132 affecting package kernel for versions less than 6.6.121.1-1
CVE-2025-71132 affecting package kernel for versions less than 6.6.121.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-66199 affecting package openssl for versions less than 3.3.5-2
CVE-2025-66199 affecting package openssl for versions less than 3.3.5-2. A patched version of the package is available...
CVE-2026-0897 affecting package keras for versions less than 3.3.3-6
CVE-2026-0897 affecting package keras for versions less than 3.3.3-6. A patched version of the package is available...
CVE-2026-0696 Session Cookies Missing HttpOnly Attribute
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...
Mozilla Firefox ESR < 17.0.6
The version of Firefox ESR installed on the remote Windows host is prior to 17.0.6. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-42 advisory. - Call content level constructor as if from a chrome/privileged page (CVE-2013-1670) Note that Nessus has not...
FreeBSD : Mozilla -- Use-after-free (a74a1ffc-d6a8-11f0-8e1b-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a74a1ffc-d6a8-11f0-8e1b-b42e991fc52e advisory. https://bugzilla.mozilla.org/show_bug.cgi?id=1840666 reports: Use-after-free in the Audio/Video: GMP...
Mozilla Thunderbird < 52.4
The version of Thunderbird installed on the remote Windows host is prior to 52.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-23 advisory. - Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter,...
Amazon Linux 2 : pam, --advisory ALAS2-2025-3057 (ALAS-2025-3057)
The version of pam installed on the remote host is prior to 1.1.8-23. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3057 advisory. A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit...
CVE-2025-34248
D-Link Nuclias Connect firmware versions 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the integrity...
FreeBSD : chromium -- multiple security fixes (a60e73e0-7942-11f0-b3f7-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a60e73e0-7942-11f0-b3f7-a8a1599412c6 advisory. Chrome Releases reports: This update includes 6 security fixes: Tenable has extracted the...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write due to the improper handling of buffer size validations. An attacker can cause a buffer overflow and potentially execute arbitrary code or cause a system crash by supplying crafted input to the affected function. Thi...
AZL-58890 CVE-2025-21762 affecting package kernel for versions less than 5.15.180.1-1
In the Linux kernel, the following vulnerability has been resolved: arp: use RCU protection in arp_xmit. arp_xmit can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF...
AZL-55851 CVE-2024-57882 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix TCP options overflow. Syzbot reported the following splat: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range...