208 matches found
CLEANSTART-2026-MX56097 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, ghsa-p77j-4mvh-x3m3, ghsa-vvgc-356p-c3xw applied in versions: 1.7.0-r0, 1.7.0-r1
Multiple security vulnerabilities affect the yunikorn-k8shim-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Use After Free
Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
CVE-2026-24400 affecting package javapackages-bootstrap for versions less than 1.14.0-4
CVE-2026-24400 affecting package javapackages-bootstrap for versions less than 1.14.0-4. A patched version of the package is available...
Race Condition
Overview Affected versions of this package are vulnerable to Race Condition in which maps from multiple components may be accessed without synchronization. When under heavy concurrent activity, either spontaneous or attacker-generated, the process can be caused to panic and crash with fatal error...
@ainsleydev/payload-helper (>=0.0.6 <=0.1.2), @davincicoding/payload-plugin-kit (=0.0.4) +9 more potentially affected by CVE-2026-25544 via @payloadcms/db-sqlite (>=3.0.0-beta.116 <=3.72.0)
@payloadcms/db-sqlite NPM version =3.0.0-beta.116, =0.0.6, =1.1.10, =1.2.0 - payload-smart-deletion =1.0.7 - simple-shop =1.0.0 Source cves: CVE-2026-25544 Source advisory: SNYK:JS-PAYLOADCMSDBSQLITE-15240188...
AZL-76793 CVE-2025-47911 affecting package azl-otel-collector 0.127.0-1
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...
SUSE: Security Advisory (SUSE-SU-2026:0300-1)
The remote host is missing an update for the...
MiracleLinux 7 : pesign-0.109-11.el7 (AXSA:2023-5211:03)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5211:03 advisory. pesign: Local privilege escalation on pesign systemd service CVE-2022-3560 Tenable has extracted the preceding description block directly from the MiracleLin...
MiracleLinux 8 : open-vm-tools-12.1.5-2.el8.3.ML.1 (AXSA:2023-6434:09)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6434:09 advisory. open-vm-tools: SAML token signature bypass CVE-2023-20900 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 4 : 389-ds-base-1.2.11.15-34.AXS4 (AXSA:2014-504:04)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-504:04 advisory. Description : 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server...
CVE-2025-54371 vulnerabilities
Vulnerabilities for packages: kubeflow-centraldashboard, saf, lerna...
Fedora 43 : usd (2025-f882263432)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f882263432 advisory. Backport fix for CVE-2025-14439/GHSA-grjp-54v3-c442 Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora 43 : ov (2025-0d2748fa32)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-0d2748fa32 advisory. Update to 0.50.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
0lever-utils (>=0.0.2 <=0.0.7), 1337x (=1.2.5) +16397 more potentially affected by CVE-2025-66471 via urllib3 (>=1.10.2 <=2.5.0)
urllib3 PYPI version =1.10.2, =0.0.2, =0.3.0, =0.0.1a0, =2.3.84, =0.1.0, =1.1.2, =0.1.0, =0.1.0, =0.0.2, =0.0.5, =0.0.7 - a-mailx =0.1.0 - a-texam =1.1.0 and more Source cves: CVE-2025-66471 Source advisory: OSV:GHSA-2XPW-W6GG-JR37...
Fedora 43 : timg (2025-d2b7d94014)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d2b7d94014 advisory. Rebuilt with latest patched stbimage: memory-safety fixes Tenable has extracted the preceding description block directly from the Fedora security advisory...
Cross-site Scripting (XSS)
Overview yungifez/skuul is a multi school management system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the application, which uploaded SVG files directly without sanitization or enforcing content-type restrictions. An attacker can inject and execute...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
CVE-2025-11412 affecting package binutils for versions less than 2.41-10
CVE-2025-11412 affecting package binutils for versions less than 2.41-10. A patched version of the package is available...