Malicious code in @atlisp/mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5f4a9667f0a13220de9b838fde4fc16bd5aaa7f79d91f1122725e4799582515 The package's MCP server auto-injects a LISP bootstrap into every CAD command sent through cadSend/cadSendWithResult, plus connectcad's initAtlisp an...

Mozilla Firefox ESR < 140.11

The version of Firefox ESR installed on the remote Windows host is prior to 140.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-48 advisory. - Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR...

Microsoft Edge (Chromium) < 148.0.3967.55 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 148.0.3967.55. It is, therefore, affected by multiple vulnerabilities as referenced in the May 11, 2026 advisory. - Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96...

Mozilla Firefox ESR < 140.10.2

The version of Firefox ESR installed on the remote Windows host is prior to 140.10.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-41 advisory. - Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bug...

Mozilla Firefox < 150.0.2

The version of Firefox installed on the remote Windows host is prior to 150.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-40 advisory. - Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presum...

Google Chrome < 148.0.7778.96 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 148.0.7778.96. It is, therefore, affected by multiple vulnerabilities as referenced in the 202605stable-channel-update-for-desktop advisory. - Use after free in WebRTC. CVE-2026-7928, CVE-2026-7987, CVE-2026-8016 -...

CVE-2026-25266 Exposed dangerous function in windows host

Memory corruption while processing IOCTL command when device is in power-save state...

CVE-2026-25266 Exposed dangerous function in windows host

Memory corruption while processing IOCTL command when device is in power-save state...

CVE-2026-25266

CVE-2026-25266 describes memory corruption in the IOCTL handling path when the device is in power-save state. The entry notes a local issue with low attack complexity and low privileges required, no user interaction, and a high impact on confidentiality, integrity, and availability per CVSS 3.1 (...

Wireshark 2.6.x < 2.6.16 A Vulnerability

The version of Wireshark installed on the remote Windows host is prior to 2.6.16. It is, therefore, affected by a vulnerability as referenced in the wireshark-2.6.16 advisory. - In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed ...

Wireshark 3.0.x < 3.0.10 A Vulnerability

The version of Wireshark installed on the remote Windows host is prior to 3.0.10. It is, therefore, affected by a vulnerability as referenced in the wireshark-3.0.10 advisory. - In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed ...

Mozilla Thunderbird < 140.10.1

The version of Thunderbird installed on the remote Windows host is prior to 140.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-39 advisory. - Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was...

Mozilla Firefox < 150.0.1

The version of Firefox installed on the remote Windows host is prior to 150.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-35 advisory. - Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory...

Veeam Backup and Replication 12.x < 12.3.2.4465 Multiple Vulnerabilities (KB4830)

The version of Veeam Backup and Replication installed on the remote Windows host is 12.x prior to 12.3.2.4465. It is, therefore, affected by multiple vulnerabilities, including: - A vulnerability allowing an authenticated domain user to perform remote code execution RCE on the Backup Server...

BuildReview2

BuildReview2 - Attack-Path-Driven Windows Host Review A rewri...

Mozilla Firefox < 150.0

The version of Firefox installed on the remote Windows host is prior to 150.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-30 advisory. - Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed i...

Mozilla Thunderbird < 150.0

The version of Thunderbird installed on the remote Windows host is prior to 150.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-33 advisory. - Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fix...

Mozilla Firefox ESR < 115.35

The version of Firefox ESR installed on the remote Windows host is prior to 115.35. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-31 advisory. - Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140....

CVE-2026-6482

The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...

CVE-2026-6482

The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...