Ubuntu 24.04 LTS : age vulnerability (USN-8372-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8372-1 advisory. It was discovered that age did not properly validate plugin names. An attacker could possibly use this issue to cause execution of an arbitrary program by supplyi...

RockyLinux 10 : flatpak (RLSA-2026:21757)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21757 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on...

PT-2026-46858

Summary AVideo stores category descriptions from user input and later renders category description as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes when another user views the affected Gallery/category page...

CVE-2026-35906

CVE-2026-35906 affects T3 Technology CPE models T625Pro v1.0.07 and T6825G v1.0.03. The vulnerability stems from an undocumented debug CGI endpoint that is accessible without authentication, allowing an attacker to supply a crafted HTTP query string to execute arbitrary commands with root privile...

PT-2026-46414

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description A use after free issue in Google Chrome on iOS allows a remote attacker to execute arbitrary code. This is achieved by inducing the victim to visit a specially crafted HTML page...

CVE-2026-41283

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials...

Opportunities and Challenges in Securely Reusing and Repurposing Mobile Devices

An estimated 5.3 billion mobile phones became electronic waste in 2022. Many of these devices can be repurposed and used in different contexts to extend their lifetime and to reduce ecological impacts. An often overlooked aspect of smartphone reuse is cybersecurity: these devices embed...

PT-2026-46757

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.53 Description An inappropriate implementation in Safe Browsing allows a remote attacker to execute arbitrary code through the use of a malicious file. Recommendations Update to version...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : XZ Utils vulnerability (USN-8362-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8362-1 advisory. It was discovered that XZ Utils did not properly manage memory when attempting to append data ...

RockyLinux 9 : flatpak (RLSA-2026:21755)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21755 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on ho...

RockyLinux 10 : cockpit (RLSA-2026:21676)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:21676 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly...

Fedora 43 : pie (2026-b2fe14ec86)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b2fe14ec86 advisory. Version 1.4.5 This release contains vulnerability fixes for the following security advisories: - GHSA-h842-vjwg-pxxx - Sudo-elevated arbitrary file deletion...

Debian dsa-6322 : frr - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6322 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6322-1 [email protected]...

Apache ActiveMQ < 5.19.7 / 6.x < 6.2.6 Multiple Vulnerabilities

The version of Apache ActiveMQ running on the remote host is prior to 5.19.7 or 6.x prior to 6.2.6. It is, therefore, affected by multiple vulnerabilities: - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ...

RockyLinux 9 : libtiff (RLSA-2026:19363)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19363 advisory. libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 Tenable has extracted the...

Notepad++ < 8.9.6.1 Multiple Vulnerabilities

The version of Notepad++ installed on the remote host is prior to 8.9.6.1. It is, therefore, affected by multiple vulnerabilities: - A crash caused by any malformed structure that could allow an attacker to cause a denial of service condition. CVE-2026-48770 - An arbitrary code execution...

RockyLinux 10 : httpd (RLSA-2026:21433)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21433 advisory. httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read du...

JetBrains IntelliJ IDEA < 2026.1 Multiple Vulnerabilities

The version of JetBrains IntelliJ IDEA installed on the remote host is prior to 2026.1. It is, therefore, affected by multiple vulnerabilities: - In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin CVE-2026-49382 - In JetBrains...

AlmaLinux 10 : samba (ALSA-2026:22963)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:22963 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfsworm does not block directory modification CVE-2026-2340 samba: group...

JetBrains TeamCity < 2026.1 Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2026.1. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings CVE-2026-49373 - In JetBrains TeamCity before 2026.1...