ROOT-OS-UBUNTU-2204-CVE-2026-45956 CVE-2026-45956 in rootio-linux - Patched by Root

Root has patched CVE-2026-45956 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

TinaCMS - Path Traversal

TinaCMS CLI 2.1.8 contains a file system read vulnerability caused by disabled Vite server.fs.strict setting, letting unauthenticated attackers read arbitrary files on the host system, exploit requires access to the dev server. id: CVE-2026-29066 info: name: TinaCMS - Path Traversal author:...

ROOT-OS-DEBIAN-13-CVE-2026-43309 CVE-2026-43309 in rootio-linux - Patched by Root

Root has patched CVE-2026-43309 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

DEBIAN-CVE-2026-52950

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init d...

DEBIAN-CVE-2026-52949

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboshrink infinite LRU walk on backup failure Apply the same fix as b2ed01e7ad "drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure" to the ttmboshrink path. Move delbulkmove from before the backup to...

RockyLinux 9 : nginx:1.24 (RLSA-2026:28212)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:28212 advisory. nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the RockyLinu...

CVE-2026-8823

Mattermost versions affected are 11.7.x <= 11.7.0 and 10.11.x

EUVD-2026-38248

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/id/active API...

RHSA-2026:27737 Red Hat Security Advisory: libxml2 security update

Bulletin has no description...

RHSA-2026:27705 Red Hat Security Advisory: kernel security update

Bulletin has no description...

Fedora 43 : vips (2026-3b2ddea116)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3b2ddea116 advisory. - update to v8.18.3 - enable uhdr - fix several security issues Tenable has extracted the preceding description block directly from the Fedora...

Photon OS 4.0: Nginx PHSA-2026-4.0-1036

An update of the nginx package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1036. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

DEBIAN-CVE-2026-48618

Bulletin has no description...

RHSA-2026:26224 Red Hat Security Advisory: libexif security update

Bulletin has no description...

Photon OS 4.0: Python3 PHSA-2026-4.0-1018

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1018. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Chromium: CVE-2026-11666 Insufficient validation of untrusted input in Input

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

SUSE SLES15 Security Update : kernel (SUSE-SU-2026:2310-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2310-1 advisory. The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: -...

SUSE SLES12 Security Update : strongswan (SUSE-SU-2026:2312-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:2312-1 advisory. This update for strongswan fixes the following issue - CVE-2026-47895: double-free when destroying certain cloned identities bsc1266360. Tenable has...

CVE-2026-7184 Mattermost Remote Cluster PATCH API Leaks Authentication Tokens

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the managesecureconnections permission to obtain remote cluster authentication tokens via a PATCH request to the...

EUVD-2026-36499

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to require system-level permission when patching protected default system roles, which allows authenticated users with delegated user-management permissions to escalate privileges by altering built-i...