CVE-2026-53632

CVE-2026-53632 affects the npm package launch-editor . Before version 2.14.1, it can open arbitrary paths including Windows UNC paths; when a UNC path is opened Windows triggers NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled ...

Microsoft Edge (Chromium) < 149.0.4022.80 (CVE-2026-32208)

The version of Microsoft Edge installed on the remote Windows host is prior to 149.0.4022.80. It is, therefore, affected by a vulnerability as referenced in the June 18, 2026 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

Mozilla Thunderbird < 140.12

The version of Thunderbird installed on the remote Windows host is prior to 140.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-61 advisory. - Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox E...

Mozilla Firefox ESR < 115.37

The version of Firefox ESR installed on the remote Windows host is prior to 115.37. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-59 advisory. - Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and...

7-Zip >= 9.11 < 26.01 UDF OOB Read (GHSL-2026-115_GHSL-2026-122)

The version of 7-Zip installed on the remote Windows host is = 9.11 and prior to 26.01. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds read exists in 7-Zip's UDF field handling, which can lead to a crash when processing a crafted UDF image. CVE-2026-48102 - A path...

Malicious code in @atlisp/mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5f4a9667f0a13220de9b838fde4fc16bd5aaa7f79d91f1122725e4799582515 The package's MCP server auto-injects a LISP bootstrap into every CAD command sent through cadSend/cadSendWithResult, plus connectcad's initAtlisp an...

Mozilla Firefox ESR < 140.11

The version of Firefox ESR installed on the remote Windows host is prior to 140.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-48 advisory. - Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR...

Microsoft Edge (Chromium) < 148.0.3967.55 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 148.0.3967.55. It is, therefore, affected by multiple vulnerabilities as referenced in the May 11, 2026 advisory. - Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96...

Mozilla Firefox ESR < 140.10.2

The version of Firefox ESR installed on the remote Windows host is prior to 140.10.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-41 advisory. - Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bug...

Mozilla Firefox < 150.0.2

The version of Firefox installed on the remote Windows host is prior to 150.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-40 advisory. - Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presum...

Google Chrome < 148.0.7778.96 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 148.0.7778.96. It is, therefore, affected by multiple vulnerabilities as referenced in the 202605stable-channel-update-for-desktop advisory. - Use after free in WebRTC. CVE-2026-7928, CVE-2026-7987, CVE-2026-8016 -...

CVE-2026-25266 Exposed dangerous function in windows host

Memory corruption while processing IOCTL command when device is in power-save state...

CVE-2026-25266 Exposed dangerous function in windows host

Memory corruption while processing IOCTL command when device is in power-save state...

CVE-2026-25266

CVE-2026-25266 describes memory corruption in the IOCTL handling path when the device is in power-save state. The entry notes a local issue with low attack complexity and low privileges required, no user interaction, and a high impact on confidentiality, integrity, and availability per CVSS 3.1 (...

Wireshark 2.6.x < 2.6.16 A Vulnerability

The version of Wireshark installed on the remote Windows host is prior to 2.6.16. It is, therefore, affected by a vulnerability as referenced in the wireshark-2.6.16 advisory. - In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed ...

Wireshark 3.0.x < 3.0.10 A Vulnerability

The version of Wireshark installed on the remote Windows host is prior to 3.0.10. It is, therefore, affected by a vulnerability as referenced in the wireshark-3.0.10 advisory. - In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed ...

Mozilla Thunderbird < 140.10.1

The version of Thunderbird installed on the remote Windows host is prior to 140.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-39 advisory. - Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was...

Mozilla Firefox < 150.0.1

The version of Firefox installed on the remote Windows host is prior to 150.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-35 advisory. - Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory...

Veeam Backup and Replication 12.x < 12.3.2.4465 Multiple Vulnerabilities (KB4830)

The version of Veeam Backup and Replication installed on the remote Windows host is 12.x prior to 12.3.2.4465. It is, therefore, affected by multiple vulnerabilities, including: - A vulnerability allowing an authenticated domain user to perform remote code execution RCE on the Backup Server...

BuildReview2

BuildReview2 - Attack-Path-Driven Windows Host Review A rewri...