PT-2026-28711
Name of the Vulnerable Software and Affected Versions: wandb OpenUI versions up to 0.0.0.0/1.0. Description: A security issue exists in wandb OpenUI related to hard-coded credentials. The manipulation of the LITELLM_MASTER_KEY argument within the file backend/openui/config.py can lead to exposure of...
Fedora 44 : suricata (2026-45a7e37b8a)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-45a7e37b8a advisory. Upstream security/bugfix release. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 44 : mongo-c-driver (2026-508009213f)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-508009213f advisory: Fix handling in HTTP response parser (CVE-2026-4359). Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Fedora 44 : rust-cargo-c (2026-ad73d6fafe)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ad73d6fafe advisory: Rebuilt with rust-tar 0.4.45 for CVE-2026-33056. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora 43 : python3.6 (2026-1a816eeca2)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1a816eeca2 advisory. Security fix for CVE-2026-4519. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
CVE-2026-33874 Authenticator vulnerable to Remote Code Execution
Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik...
PT-2026-28673
Name of the Vulnerable Software and Affected Versions: Shenzhen Ruiming Technology Streamax Crocus versions up to 1.3.44. Description: A security issue exists in Shenzhen Ruiming Technology Streamax Crocus. The issue involves a SQL injection affecting an unknown function within the /RemoteFormat.do...
CVE-2026-33530
The CVE affects InvenTree prior to version 1.2.6, where bulk data API endpoints (e.g., /api/part/, /api/stock/, /api/order/so/allocation/, etc.) accept a filters parameter that is passed directly to Django queryset.filter(**filters) without any field allowlisting. This allows an authenticated use...
EUVD-2026-16319
Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.4, a stack-based buffer overflow vulnerability in the Zen C compiler allows attackers to cause a compiler crash or potentially execute arbitrary code by providing a specially crafted Zen C sour...
PT-2026-28398
Name of the Vulnerable Software and Affected Versions: FuelCMS version 1.5.2. Description: An issue exists in the /parser/dwoo component that allows attackers to execute arbitrary code through crafted PHP code. The affected component is susceptible to code execution when processing specially designe...
PT-2026-28285
Name of the Vulnerable Software and Affected Versions: Small HTTP Server version 3.06.36. Description: An authenticated path traversal issue exists in the Small HTTP Server service. A remote user can bypass the intended restrictions of the SecurityManager and potentially display any file if they hav...
PT-2026-28399
Name of the Vulnerable Software and Affected Versions: Daylight Studio FuelCMS version 1.5.2. Description: An issue exists in Daylight Studio FuelCMS version 1.5.2 that allows attackers to obtain users' password reset tokens through a mail splitting attack. A mail splitting attack involves...
PT-2026-28650
Name of the Vulnerable Software and Affected Versions: code-projects Simple Laundry System version 1.0. Description: A cross site scripting issue exists in the Parameter Handler component of code-projects Simple Laundry System. The issue is related to the manipulation of the firstName argument withi...
Debian: Security Advisory (DLA-4509-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
Fedora 43 : vim (2026-a05ac070cd)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a05ac070cd advisory: patchlevel 240. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Fedora 44 : headscale (2026-76033f35ea)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-76033f35ea advisory: update to 0.28.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
RockyLinux 9 : libarchive (RLSA-2026:5080)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:5080 advisory: libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data in libarchive (CVE-2026-4111). Tenable has extracted the preceding description...
Ubuntu: Security Advisory (USN-8098-8)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-8112-3)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2026-5c75eb75d1)
The remote host is missing an update for the...