TencentOS Server 3: mingw-libtiff (TSSA-2025:1015)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:1015 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Linux Distros Unpatched Vulnerability : CVE-2026-48844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection...

Linux Distros Unpatched Vulnerability : CVE-2026-48849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS...

Linux Distros Unpatched Vulnerability : CVE-2026-42502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications...

EUVD-2026-31740

A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompressR2004section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available an...

CVE-2026-9502 GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow

A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompressR2004section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available an...

Linux Distros Unpatched Vulnerability : CVE-2026-48710

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct...

Linux Distros Unpatched Vulnerability : CVE-2026-42899

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-42899 Note that...

Linux Distros Unpatched Vulnerability : CVE-2026-41149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1...

CVE-2026-3592 affecting package bind for versions less than 9.20.23-1

CVE-2026-3592 affecting package bind for versions less than 9.20.23-1. A patched version of the package is available...

Linux Distros Unpatched Vulnerability : CVE-2026-45753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-45753 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

Linux Distros Unpatched Vulnerability : CVE-2026-45133

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45133 Note that Nessus relies on the presence of the package as reported by the vendor...

Linux Distros Unpatched Vulnerability : CVE-2026-45755

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC Unauthenticated Webhook Event Injection CVE-2026-45755 Note that Nessus relies o...

Linux Distros Unpatched Vulnerability : CVE-2026-46557

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack...

Linux Distros Unpatched Vulnerability : CVE-2026-33381

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will...

Linux Distros Unpatched Vulnerability : CVE-2026-45305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45305 Note that Nessus relies on the presence of the package as reported by the vendor...

Linux Distros Unpatched Vulnerability : CVE-2026-8945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151. CVE-2026-8945 Note that Nessus relies on the presence of t...

Linux Distros Unpatched Vulnerability : CVE-2026-28376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to...

Linux Distros Unpatched Vulnerability : CVE-2026-28380

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Any Editor could delete any snapshot, even if they have no access to read or write them. CVE-2026-28380 Note that Nessus relies on the presence of the package a...

Linux Distros Unpatched Vulnerability : CVE-2026-45071

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45071 Note that Nessus relies on the presence of the package as reported by the vendor...