Linux Distros Unpatched Vulnerability : CVE-2026-49271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offse...

Linux Distros Unpatched Vulnerability : CVE-2026-49346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit...

Linux Distros Unpatched Vulnerability : CVE-2026-48933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported...

Linux Distros Unpatched Vulnerability : CVE-2026-45696

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11...

Linux Distros Unpatched Vulnerability : CVE-2026-48619

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This...

Linux Distros Unpatched Vulnerability : CVE-2026-42530

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticate...

Linux Distros Unpatched Vulnerability : CVE-2026-48818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows CVE-2026-48818 Note that Nessus relies on the presence of the package as...

Linux Distros Unpatched Vulnerability : CVE-2026-48930

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings...

Linux Distros Unpatched Vulnerability : CVE-2026-55392

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift...

Linux Distros Unpatched Vulnerability : CVE-2026-55202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to...

Linux Distros Unpatched Vulnerability : CVE-2026-44691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without...

Linux Distros Unpatched Vulnerability : CVE-2026-48618

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver an...

Linux Distros Unpatched Vulnerability : CVE-2026-48821

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting XSS vulnerability in the Thumbnail Synchronizer...

Linux Distros Unpatched Vulnerability : CVE-2026-53488

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - containerd - None CVE-2026-53488 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable,...

Linux Distros Unpatched Vulnerability : CVE-2026-52908

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA: During reregmr ensure that REREGACCESS is compatible If IBMRREREGACCESS changes from RO to RW then the umem has to be re-evaluated to ensure it is properl...

Linux Distros Unpatched Vulnerability : CVE-2026-47262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - containerd image-triggered runtime DoS via unbounded group parsing CVE-2026-47262 Note that Nessus relies on the presence of the package as reported by the...

Linux Distros Unpatched Vulnerability : CVE-2026-47178

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - libheif - None Ubuntu Linux - Unknown description CVE-2026-47178 Note that Nessus relies on the presence of the package as reported by the vendor...

Linux Distros Unpatched Vulnerability : CVE-2026-12442

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-53614

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Local Privilege Escalation via LIBMOUNTFORCEMOUNT2 Environment Variable - nosuid/noexec Bypass in SUID mount8...

Linux Distros Unpatched Vulnerability : CVE-2026-12305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...