Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2NITRO-ENCLAVES-2026-095 (ALASNITRO-ENCLAVES-2026-095)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.12.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-095 advisory. url.Parse insufficiently validated the host/authority component and accepted some inval...

FreeBSD : chromium -- security fixes (1dc2aae1-0793-4dbd-8548-e63ae0e1bdaf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1dc2aae1-0793-4dbd-8548-e63ae0e1bdaf advisory. Chrome Releases reports: This update includes 21 security fixes: Tenable has extracted the...

PT-2026-28790

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. This issue has be...

TencentOS Server 2: python3 (TSSA-2026:0176)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0176 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVE-2025-38630 affecting package kernel for versions less than 5.15.200.1-1

CVE-2025-38630 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2025-23143 affecting package kernel for versions less than 5.15.200.1-1

CVE-2025-23143 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2025-40164 affecting package kernel for versions less than 5.15.200.1-1

CVE-2025-40164 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...

Amazon Linux 2 : amazon-cloudwatch-agent, --advisory ALAS2-2026-3174 (ALAS-2026-3174)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300064.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3174 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

CVE-2026-1578 HP App – Potential Cross-Site Scripting

HP App for Android is potentially vulnerable to cross-site scripting XSS when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities...

CVE-2026-1578 HP App – Potential Cross-Site Scripting

HP App for Android is potentially vulnerable to cross-site scripting XSS when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities...

PT-2026-7994

HP App for Android is potentially vulnerable to cross-site scripting XSS when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.103100)

The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.103100 advisory. - A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf...

HP App – Potential Cross-Site Scripting

HP App for Android is potentially vulnerable to cross-site scripting XSS when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities. Update your application...

JetBrains Hub 访问控制错误漏洞

JetBrains Hub is a web-based application developed by Czech company JetBrains. This program allows for the integration of various JetBrains tools. Versions of JetBrains Hub prior to 2025.3.119807 contained a access control vulnerability caused by an authentication bypass, which could lead to the...

CVE-2026-24940 WordPress Travelfic Toolkit plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelfic Toolkit: from n/a through = 1.3.3...

Azure Linux 3.0 Security Update: pcp (CVE-2024-45770)

The version of pcp installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45770 advisory. - A vulnerability was found in Performance Co-Pilot PCP. This flaw can only be exploited if an attacker has acces...

AZL-74778 CVE-2026-0992 affecting package libxml2 for versions less than 2.10.4-10

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to...

PT-2026-1950

Name of the Vulnerable Software and Affected Versions Broadcom DX NetOps Spectrum versions 24.3.9 and earlier Description The software has a flaw due to reliance on a vulnerable third-party component, which allows for DOM-Based Cross-Site Scripting XSS. DOM-Based XSS occurs when client-side scrip...

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2DOCKER-2025-091 (ALASDOCKER-2025-091)

The version of oci-add-hooks installed on the remote host is prior to 0-0.6.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-091 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdoma...

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2025-089 (ALASDOCKER-2025-089)

The version of docker installed on the remote host is prior to 25.0.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-089 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate...