Gladinet Triofox Agent is a software solution for secure, remote, and mobile access to file servers.

The version of Microsoft Edge installed on the remote Windows host is prior to 143.0.3650.139. It is, therefore, affected by a vulnerability as referenced in the January 9, 2026 advisory.

  - Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an     attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged     page via a crafted Chrome Extension. (Chromium security severity: High) (CVE-2026-0628)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Trend Micro Apex Central application installed on the remote Windows host is prior to Build 7190. It is, therefore, affected by multiple vulnerabilities as described in Trend Micro Solution ID KA-0022071:

  - A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an     attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of     SYSTEM on affected installations. (CVE-2025-69258)   
  - A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to     create a denial-of-service condition on affected installations. Please note: authentication is not required in order     to exploit this vulnerability. (CVE-2025-69259)

  - A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a     denial-of-service condition on affected installations. Please note: authentication is not required in order to     exploit this vulnerability. (CVE-2025-69260)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   number.

The version of Veeam Backup and Replication installed on the remote Windows host is prior to 13.0.1.1071. It is, therefore, affected by multiple vulnerabilities:

  - This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by     creating a malicious backup configuration file. (CVE-2025-55125)

  - This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres     user by sending a malicious password parameter. (CVE-2025-59468)

  - This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the     postgres user by sending a malicious interval or order parameter. (CVE-2025-59470)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Tenable Nessus Agent running on the remote host is prior to 10.9.3 or 11.0.3. It is, therefore, affected by a Privilege Escalation Vulnerability as referenced in the TNS-2026-01 advisory.

  - A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows     Hosts which could lead to escalation of privileges. (CVE-2025-36640)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Microsoft Entra Cloud Sync, a cloud integration tool for Microsoft Entra ID, is installed on the remote Windows host.

The version of JetBrains Rider installed on the remote host is prior to 2025.2.5. It is, therefore, affected by a local privilege escalation vulnerability:

  - In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race     condition. (CVE-2025-64457)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Autodesk Shared Components installed on the remote Windows host is 2026.4 or earlier. It is, therefore, affected by multiple vulnerabilities.

  - A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a memory corruption     vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the     current process. (CVE-2025-9452)

  - A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a heap-based overflow     vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute     arbitrary code in the context of the current process. (CVE-2025-10881)

  - A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an out-of-bounds write     vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute     arbitrary code in the context of the current process. (CVE-2025-10884)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of National Instruments (NI) LabVIEW installed on the remote Windows host is affected by multiple memory corruption vulnerabilities that may result in information disclosure or arbitrary code execution, including the following:

  - There is an out of bounds write vulnerability in NI LabVIEW in mgocre_SH_25_3!RevBL() when parsing a     corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution.
    Successful exploitation requires an attacker to get a user to open a specially crafted VI. (CVE-2025-64461)

  - There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle() when     parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary     code execution. Successful exploitation requires an attacker to get a user to open a specially crafted     VI. (CVE-2025-64462)

  - There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource() when     parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary     code execution. Successful exploitation requires an attacker to get a user to open a specially crafted     VI. (CVE-2025-64463)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 143.0.7499.192. It is, therefore, affected by a vulnerability as referenced in the 2026_01_stable-channel-update-for-desktop advisory.

  - Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an     attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged     page via a crafted Chrome Extension. (Chromium security severity: High) (CVE-2026-0628)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Elastic Beats filebeat installed on the remote host is 7.0.x prior to 8.19.9, 9.0.x prior to 9.1.9, 9.2.x prior to 9.2.3. It is, therefore, affected by multiple vulnerabilities. 

    - Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a       Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource       exhaustion via a single crafted UDP packet with an invalid fragment sequence number. (CVE-2025-68381)

    - Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow       (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable       process crash when handling truncated XDR-encoded RPC messages. (CVE-2025-68382)

    - Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog       parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and       cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message       or a malicious tokenizer pattern in the Dissect configuration. (CVE-2025-68383)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Microsoft Windows 11 22H2 Education is no longer maintained by its vendor or provider.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

Microsoft Windows 11 22H2 Enterprise is no longer maintained by its vendor or provider.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

Autodesk Shared Components is installed on the remote Windows host.

Microsoft Azure Guest Agent is installed on the remote Windows host.

OpenPLC ScadaBR is installed on the remote Windows host.

ScadaBR is a SCADA (Supervisory Control and Data Acquisition) system with applications in Process Control and Automation, being developed and distributed using the open source model.

HCL AppScan Source is installed on the remote Windows host.

The remote Windows host contains an installation of Dell SupportAssist that is affected by an elevation of privilege vulnerability:

  - Dell SupportAssist for Home PCs (versions 4.8.2.29006 and prior) and Dell SupportAssist for Business   PCs (versions 4.9.0.40943 and prior) contain a UNIX Symbolic Link (Symlink) Following vulnerability. A low   privileged attacker with local access could potentially exploit this vulnerability by creating symbolic   links to point to files with higher permissions, leading to an elevation of privileges.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Microsoft Edge installed on the remote Windows host is prior to 143.0.3650.96. It is, therefore, affected by multiple vulnerabilities as referenced in the December 18, 2025 advisory.

  - Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2025-14766)

  - Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2025-14765)

  - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2025-65046)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 1.5.0.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2006-31 advisory.

  - EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges     via javascript that calls the valueOf method on objects that were created outside of the sandbox.
    (CVE-2006-2787)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 10.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2012-06 advisory.

  - Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly     initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially     sensitive information by reading a PNG image that was created through conversion from an ICO image.
    (CVE-2012-0447)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 3.0.6. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-02 advisory.

  - Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers     to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site     scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.
    (CVE-2009-0354)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 17.0.5. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-40 advisory.

  - CERTDecodeCertPackage reads bytes outside the input buffer(CVE-2013-0791) (CVE-2013-0791)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 2.0.0.8. It is, therefore, affected by a vulnerability as referenced in the mfsa2007-33 advisory.

  - Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying     XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing     attacks by setting the hidechrome attribute. (CVE-2007-5334)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 1.0.8. It is, therefore, affected by a vulnerability as referenced in the mfsa2006-18 advisory.

  - https://bugzilla.mozilla.org/showbug.cgi?id=269095CVE-2006-0749 (CVE-2006-0749)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 3.0.7. It is, therefore, affected by a vulnerability as referenced in the mfsa2010-63 advisory.

  - Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and     SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest     objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin     requests. (CVE-2010-2764)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 3.5.6. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-68 advisory.

  - Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers     to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser     user. (CVE-2009-3983)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 3.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2009-34 advisory.

  - The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a     denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors     related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and     js_LockGCThingRT. (CVE-2009-2466)

  - Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory     corruption and application crash) or execute arbitrary code via vectors involving double frame     construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and     the nsSubDocumentFrame::Reflow function. (CVE-2009-2465)

  - The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a     denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors     related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and     nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child     list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7)     nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and     (10) nsContentUtils::ComparePosition. (CVE-2009-2462)

  - Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in     nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey     before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application     crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows.
    (CVE-2009-2463)

  - The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey     2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and     application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in     a XUL tree element. (CVE-2009-2464)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 10.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2012-06 advisory.

  - Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly     initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially     sensitive information by reading a PNG image that was created through conversion from an ICO image.
    (CVE-2012-0447)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 1.0.8. It is, therefore, affected by a vulnerability as referenced in the mfsa2006-18 advisory.

  - https://bugzilla.mozilla.org/showbug.cgi?id=269095CVE-2006-0749 (CVE-2006-0749)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 2.0.0.19. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2008-68 advisory.

  - Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19,     Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary     JavaScript with chrome privileges via unknown vectors in which page content can pollute     XPCNativeWrappers. (CVE-2008-5512)

  - Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey     1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site     scripting (XSS) attacks via an XBL binding to an unloaded document. (CVE-2008-5511)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird ESR installed on the remote Windows host is prior to 17.0.6. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-42 advisory.

  - Call content level constructor as if from a chrome/privileged page(CVE-2013-1670) (CVE-2013-1670)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 3.6. It is, therefore, affected by a vulnerability as referenced in the mfsa2010-05 advisory.

  - Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly     support the application/octet-stream content type as a protection mechanism against execution of web     script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to     bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.
    (CVE-2010-0162)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 8.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2011-51 advisory.

  - Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU     memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the     Same Origin Policy and read image data via vectors related to WebGL textures. (CVE-2011-3653)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 17.0.6. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-42 advisory.

  - Call content level constructor as if from a chrome/privileged page(CVE-2013-1670) (CVE-2013-1670)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 3.5.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-55 advisory.

  - Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to     execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
    (CVE-2009-3372)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 1.5.0.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2006-57 advisory.

  - https://bugzilla.mozilla.org/showbug.cgi?id=346794CVE-2006-4566 (CVE-2006-4566)

  - https://bugzilla.mozilla.org/showbug.cgi?id=346090CVE-2006-4565 (CVE-2006-4565)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 3.0.16. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-68 advisory.

  - Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers     to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser     user. (CVE-2009-3983)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 17.0.5. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-40 advisory.

  - CERTDecodeCertPackage reads bytes outside the input buffer(CVE-2013-0791) (CVE-2013-0791)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 3.6.9. It is, therefore, affected by a vulnerability as referenced in the mfsa2010-63 advisory.

  - Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and     SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest     objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin     requests. (CVE-2010-2764)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 19.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-22 advisory.

  - out-of-bounds-read in mozilla::image::RasterImage::DrawFrameTo(CVE-2013-0772) (CVE-2013-0772)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 7.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2011-41 advisory.

  - Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service     (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a     memory-allocation error and a resulting out-of-bounds write operation. (CVE-2011-3003)

  - Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before     2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to     cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger     a memory-allocation error and a resulting buffer overflow. (CVE-2011-3002)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 22.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-54 advisory.

  - Do not send data XHR HEAD request(CVE-2013-1692) (CVE-2013-1692)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 21.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-42 advisory.

  - Call content level constructor as if from a chrome/privileged page(CVE-2013-1670) (CVE-2013-1670)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 3.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2008-68 advisory.

  - Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19,     Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary     JavaScript with chrome privileges via unknown vectors in which page content can pollute     XPCNativeWrappers. (CVE-2008-5512)

  - Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey     1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site     scripting (XSS) attacks via an XBL binding to an unloaded document. (CVE-2008-5511)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 2.0.0.12. It is, therefore, affected by a vulnerability as referenced in the mfsa2008-10 advisory.

  - Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the     .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote     attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as     with Single-Signon systems. (CVE-2008-0593)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 146.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-98 advisory.

  - Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2025-14861)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 2.0.0.19. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2008-68 advisory.

  - Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19,     Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary     JavaScript with chrome privileges via unknown vectors in which page content can pollute     XPCNativeWrappers. (CVE-2008-5512)

  - Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey     1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site     scripting (XSS) attacks via an XBL binding to an unloaded document. (CVE-2008-5511)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 2.0.0.15. It is, therefore, affected by a vulnerability as referenced in the mfsa2008-24 advisory.

  - Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow     remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI     that points to a fastload file, related to this file's privilege level. (CVE-2008-2802)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird ESR installed on the remote Windows host is prior to 17.0.7. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-54 advisory.

  - Do not send data XHR HEAD request(CVE-2013-1692) (CVE-2013-1692)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
282577	Gladinet Triofox Agent Installed (Windows)	info
282534	Microsoft Edge (Chromium) < 143.0.3650.139 (CVE-2026-0628)	high
282525	Trend Micro Apex Central < Build 7190 Multiple Vulnerabilities (KA-0022071)	critical
282518	Veeam Backup and Replication < 13.0.1.1071 Multiple Vulnerabilities (January 2026) (KB4792)	critical
282477	Tenable Nessus Agent < 10.9.3 / 11.x < 11.0.3 Privilege Escalation Vulnerability (TNS-2026-01)	high
282476	Microsoft Entra Cloud Sync Installed (Windows)	info
282473	JetBrains Rider < 2025.2.5 Local Privilege Escalation	high
282472	Autodesk Shared Components < 2026.5 Multiple Vulnerabilities (adsk-sa-2025-0024)	high
282314	National Instruments LabVIEW 2022 < 2022 Q3 Patch 7 / 2023 < 2023 Q3 Patch 8 / 2024 Q3 Patch 5 / 20205 < 2025 Q3 Patch 3 Multiple Vulnerabilities	high
281894	Google Chrome < 143.0.7499.192 Vulnerability	high
281874	Elastic Beats filebeat 7.0.x < 8.19.9 / 9.0.x < 9.1.9 / 9.2.x 9.2.3 Multiple Vulnerabilities	medium
281612	Microsoft Windows 11 22H2 Education SEoL	low
281611	Microsoft Windows 11 22H2 Enterprise SEoL	low
280328	Autodesk Shared Components Installed (Windows)	info
280146	Microsoft Azure Guest Agent Installed (Windows)	info
279636	OpenPLC ScadaBR Installed (Windows)	info
279544	HCL AppScan Source Installed (Windows)	info
279409	Dell SupportAssist Privilege Escalation (DSA-2025-445)	medium
279262	Microsoft Edge (Chromium) < 143.0.3650.96 Multiple Vulnerabilities	high
279243	Mozilla Thunderbird < 1.5.0.4	critical
279241	Mozilla Thunderbird < 10.0	medium
279238	Mozilla Firefox < 3.0.6	medium
279236	Mozilla Firefox ESR < 17.0.5	high
279235	Mozilla Firefox < 2.0.0.8	medium
279232	Mozilla Thunderbird < 1.0.8	high
279231	Mozilla Thunderbird < 3.0.7	high
279230	Mozilla Firefox < 3.5.6	critical
279229	Mozilla Firefox < 3.0.12	high
279226	Mozilla Firefox < 10.0	medium
279224	Mozilla Firefox < 1.0.8	high
279223	Mozilla Firefox < 2.0.0.19	medium
279222	Mozilla Thunderbird ESR < 17.0.6	medium
279221	Mozilla Firefox < 3.6	medium
279220	Mozilla Thunderbird < 8.0	high
279218	Mozilla Thunderbird < 17.0.6	medium
279217	Mozilla Firefox < 3.5.4	critical
279216	Mozilla Firefox < 1.5.0.7	high
279211	Mozilla Firefox < 3.0.16	critical
279207	Mozilla Thunderbird < 17.0.5	high
279200	Mozilla Firefox < 3.6.9	high
279199	Mozilla Firefox < 19.0	high
279195	Mozilla Firefox < 7.0	critical
279193	Mozilla Firefox < 22.0	high
279192	Mozilla Firefox < 21.0	medium
279190	Mozilla Firefox < 3.0.5	medium
279187	Mozilla Firefox < 2.0.0.12	high
279186	Mozilla Firefox < 146.0.1	critical
279184	Mozilla Thunderbird < 2.0.0.19	medium
279183	Mozilla Firefox < 2.0.0.15	critical
279182	Mozilla Thunderbird ESR < 17.0.7	high

Detections

Analytics

Windows Family for Nessus

info

high

critical

critical

high

info

high

high

high

high

medium

low

low

info

info

info

info

medium

high

critical

medium

medium

high

medium

high

high

critical

high

medium

high

medium

medium

medium

high

medium

critical

high

critical

high

high

high

critical

high

medium

medium

high

critical

medium

critical

high