CVE-2026-9490

Affected product: Acer Care Center (ACC Svc). The vulnerability arises because the ACCSvc service creates a Named Pipe with a weak security descriptor, permitting an authenticated local user to connect and send a crafted message (type 0x03). This can trigger the service to crash with exit code 10...

Fedora 44 : python3.15 (2026-2ee2d7abd5)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2ee2d7abd5 advisory. New prerelease of Python 3.15 with several CVE fixes Tenable has extracted the preceding description block directly from the Fedora security advisor...

Fedora 42 : kernel (2026-b9f338a467)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b9f338a467 advisory. The 6.19.14-108 stable kernel update contains a couple if important security fixes. Tenable has extracted the preceding description block directly from the...

Fedora 44 : composer (2026-bd05cb6c4d)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bd05cb6c4d advisory. Version 2.9.8 - 2026-05-13 Security: Fixed GitHub token validation and disclosure GHSA-f9f8-rm49-7jv2 Tenable has extracted the preceding description block...

PT-2026-43021

Name of the Vulnerable Software and Affected Versions Acer Care Center affected versions not specified Description The ACCSvc service creates a Named Pipe with a weak Security Descriptor. This allows an authenticated local user to connect and send a specially crafted message of type 0x03 to the...

RockyLinux 9 : osbuild-composer (RLSA-2026:9044)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:9044 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...

Advisory ROSA-SA-2026-3287

software: kernel-6.12 6.12.74 WASP: ROSA-CHROME unaffected versions = kernel-6.12-6.12.74-13 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption a...

RockyLinux 9 : grafana-pcp (RLSA-2026:19184)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19184 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...

Fedora 43 : pgadmin4 (2026-1545df20ad)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1545df20ad advisory. Update to pgadmin4-9.15. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora 44 : expat (2026-4ef690dc30)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4ef690dc30 advisory. Rebase to version 2.8.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Amazon Linux 2023 : dnsmasq, dnsmasq-utils (ALAS2023-2026-1516)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1516 advisory. dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an...

Fedora 43 : firefox / nss (2026-cd20332935)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-cd20332935 advisory. Update NSS to 3.123.1 Update to Firefox 151.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

CVE-2026-6365

CVE-2026-6365 is an XSS vulnerability in Drupal core caused by improper neutralization of input during web page generation. Affects Drupal core versions: 8.0.0–before 10.5.9, 10.6.0–before 10.6.7, 11.0.0–before 11.2.11, 11.3.0–before 11.3.7. The issue relates to Drupal core’s jQuery integration f...

Advisory ROSA-SA-2026-3278

software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-7 affected versions curl-8.7.1-7 CVE-ID: CVE-2026-3784 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in curl involves incorrectly reusing an existing HTTP proxy connection CONNECT when making requests with different...

MiracleLinux 9 : nginx-1.20.1-24.el9_7.3.ML.1 (AXSA:2026-640:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-640:03 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the MiracleLinux...

AlmaLinux 10 : ruby (ALSA-2026:18065)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:18065 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the AlmaLinux...

Fedora 44 : python-pysam (2026-28858c383e)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-28858c383e advisory. Update pysam Resolves CVE issues Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability

Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Improper input validation i...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the...

PT-2026-41716

Name of the Vulnerable Software and Affected Versions AVideo versions 29.0 and earlier Description An issue exists in the open source video platform where the endpoint "objects/mention.json.php" lacks a User::loginCheck or admin gate. The endpoint only implements an entry guard using preg...