TinaCMS - Path Traversal

TinaCMS CLI 2.1.8 contains a file system read vulnerability caused by disabled Vite server.fs.strict setting, letting unauthenticated attackers read arbitrary files on the host system, exploit requires access to the dev server. id: CVE-2026-29066 info: name: TinaCMS - Path Traversal author:...

CVE-2026-21826

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways...

ROOT-OS-DEBIAN-13-CVE-2026-43309 CVE-2026-43309 in rootio-linux - Patched by Root

Root has patched CVE-2026-43309 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

Photon OS 5.0: Linux PHSA-2026-5.0-0862

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0862. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Slackware Linux 15.0 / current kernel-generic Multiple Vulnerabilities (SSA:2026-152-01)

The version of kernel-generic installed on the remote host is prior to 5.15.209 / 5.15.209smp / 6.12.92 / 6.18.34. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-152-01 advisory. New kernel packages are available for Slackware 15.0 and -current to fix securit...

RHEL 9 : qemu-kvm (RHSA-2026:22147)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22147 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the...

RHEL 10 : mod_http2 (RHSA-2026:22528)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:22528 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP...

RHEL 8 : fence-agents (RHSA-2026:22134)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22134 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable...

Slackware Linux 15.0 / current libinput Vulnerability (SSA:2026-155-02)

The version of libinput installed on the remote host is prior to 1.31.3. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-155-02 advisory. New libinput packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...

Fedora 44 : webkitgtk (2026-a63aad0224)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a63aad0224 advisory. Add support for half-width fonts. Improve content filter compilation by avoiding file copies. Improve handling of out of disk space conditions when...

CVE-2026-38568

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

OESA-2026-2568 wireshark security update

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. Security Fixes: ROHC...

RHSA-2026:23329 Red Hat Security Advisory: kernel security update

Bulletin has no description...

ROOT-OS-UBUNTU-2204-CVE-2026-45956 CVE-2026-45956 in rootio-linux - Patched by Root

Root has patched CVE-2026-45956 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

RockyLinux 10 : openssl (RLSA-2026:22314)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:22314 advisory. openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing CVE-2026-28390 Tenable has extracted the preceding descripti...

Fedora 44 : libre (2026-837d6ef455)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-837d6ef455 advisory. libre v4.8.1 2026-05-28 - fmt/pl: add plstriphtml - sys/fs: add getpwuid fallback for fsgethome - tls: remove unused include rsa.h - ice: check source addres...

Fedora 44 : perl-Crypt-Argon2 / perl-Dist-Build / perl-ExtUtils-Builder / etc (2026-dafdad8fd3)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-dafdad8fd3 advisory. Update to 0.031 2477035 2481131 fixes CVE-2026-8463 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

DEBIAN-CVE-2026-11109

Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

AlmaLinux 10 : ruby4.0 (ALSA-2026:20606)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20606 advisory. ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary code execution via...

Fedora 45 : systemd (2026-4280f7beb8)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4280f7beb8 advisory. Automatic update for systemd-261rc3-1.fc45. Changelog Thu Jun 4 2026 Zbigniew Jdrzejewski-Szmek - 261rc3-1 - Version 261rc3 - Various smaller and larger fixe...