MAL-2026-4582 Malicious code in ignite-market-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3632f7802511e2852d33925ab4d8612fe588de1f8a1d832011cd3588d23f62bc The package's preinstall lifecycle hook in package.json runs wget --quiet...

MAL-2026-4583 Malicious code in ignite-market-contractstest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9babd9b088785649368dbf885050b6a15b218a6b38d2dcd058f0c9eda5109da package.json declares a preinstall lifecycle hook that runs wget --quiet...

Docker Model Runner 安全漏洞

Docker Model Runner is an open-source Docker model runner developed by Docker. Docker Model Runner vllm-metal contains a security vulnerability. This vulnerability arises from setting trustremotecode=True without any sandbox protection. It may allow arbitrary Python files to be executed during...

Linux Distros Unpatched Vulnerability : CVE-2026-33637

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow...

Linux Distros Unpatched Vulnerability : CVE-2026-6335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticate...

Linux Distros Unpatched Vulnerability : CVE-2025-12669

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...

RockyLinux 9 : nginx (RLSA-2026:18029)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18029 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

NVIDIA Windows GPU Display Driver (May 2026)

A display driver installed on the remote Windows host is affected by multiple vulnerabilities: - A vulnerability exists in the kernel mode layer, where an attacker could leverage improper access to GPU resources, potentially leading to code execution, denial of service, escalation of privileges,...

Linux Distros Unpatched Vulnerability : CVE-2026-32741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decodemaskimage. When...

Docker Model Runner 安全漏洞

Docker Model Runner is an open-source Docker model runner developed by Docker. There is a security vulnerability in Docker Model Runner MLX. This vulnerability stems from the unconditional import and execution of any Python file in the model directory. It may allow malicious models to be pulled...

Linux Distros Unpatched Vulnerability : CVE-2026-8706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive...

RockyLinux 10 : osbuild-composer (RLSA-2026:13643)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:13643 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...

Linux Distros Unpatched Vulnerability : CVE-2026-1659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...

Docker Desktop < 4.71.0 Container Escape (CVE-2026-5843)

The version of Docker Desktop installed on the remote host is prior to 4.71.0. It is, therefore, affected by a container escape vulnerability: - A container-to-host code execution vulnerability exists in the Docker Model Runner MLX inference backend. An attacker with access to a container could...

Fedora 44 : kernel (2026-66bba52149)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-66bba52149 advisory. The 7.0.9-105/205 stable kernel updates contain a couple if important security fixes. Tenable has extracted the preceding description block directly from the...

Unity Linux 20.1070e Security Update: nodejs-hawk (UTSA-2026-016758)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016758 advisory. Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response...

Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...

GHSA-F396-4RP4-7V2J Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...

BoxLite: Permission Bypass Allows Modification of Read-Only Files

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode readonly=True into the V...

GHSA-G6WW-W5J2-R7X3 BoxLite: Permission Bypass Allows Modification of Read-Only Files

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode readonly=True into the V...