PT-2026-47573

Impact Stigmem nodes with federation enabled could be configured to run without mTLS outside loopback-only local development. In affected deployments, federation traffic may traverse the network without the intended transport protection. Impacted users are operators who enabled federation and...

RockyLinux 10 : python-markdown (RLSA-2026:19155)

The remote RockyLinux 10 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:19155 advisory. python-markdown: denial of service via malformed HTML-like sequences CVE-2025-69534 Tenable has extracted the preceding description block directly from the...

Improper Handling of Case Sensitivity

Overview tuf is a secure updater framework for Python. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to platform-dependent behavior in the DelegatedRole.istargetinpathpattern function. An attacker can bypass intended access restrictions by exploitin...

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to insecure default permissions that grant regular users elevated privileges. An attacker can gain unauthorized access to host files and execute code with root-level privileges by leveraging authenticat...

Server-side Request Forgery (SSRF)

Overview compliance-trestle is a Tools to manage & autogenerate python objects representing the OSCAL layers/models Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the HTTPSFetcher.dofetch function. A user can access internal services or cloud metadata...

HTTP Request Smuggling

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Request Smuggling via the app.mount function. An attacker can access unintended routes or resources by sending requests with percent-encoded multi-byte characters in the URL path,...

CVE-2026-45374

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the taskcreate tool spawns durable sub-agents that inherit two insecure defaults, allowshell defaults to true config.rs:1499: self.allowshell.unwraportrue and autoapprove defaults to true taskmanager.rs:297: autoapprove:...

CVE-2026-52806: Authenticated RCE via Argument Injection in Gogs (FIXED as of June 7, 2026)

Overview Rapid7 Labs discovered a critical argument injection CWE-88 vulnerability in Gogs, a popular open-source self-hosted Git service, tracked as CVE-2026-52806. Rapid7 Labs scores this vulnerability as CVSSv4 9.4 Critical. The vulnerability allows any authenticated user to achieve remote cod...

EUVD-2026-32788

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setupgeo with zero farcopies setupgeo extracts nearcopies nc and farcopies fc from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout...

CVE-2026-46112

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hnsroceqpremove Sashiko points out that hnsroceqpremove requires the caller to hold locks. The error flow in hnsrocecreateqpcommon doesn't hold those locks for the error unwind so it risks corruptin...

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to not requiring POST requests for an HTTP endpoint. This vulnerability allows attackers to resume failed Multijob builds. Remediation Upgrade org.jenkins-ci.plugins:jenkins-multijob-plugin to version...

CIFSwitch

CIFSwitch CVE-2026-46243 Writeuphttps://heyitsas.im/post...

GitLab 18.7 < 18.10.7 / 18.11 < 18.11.4 / 19.0 < 19.0.1 (CVE-2026-5296)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Missing Authorization in GitLab CVE-2026-5296 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenabl...

RockyLinux 9 : luksmeta (RLSA-2026:18824)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18824 advisory. luksmeta: Data corruption when handling LUKS1 partitions with luksmeta CVE-2025-11568 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : glibc-2.28-251.el8_10.37 (AXSA:2026-726:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-726:04 advisory. glibc: glibc: Denial of Service via iconv function with specific character sets CVE-2026-4046 Tenable has extracted the preceding description block...

Fedora 43 : poppler (2026-2a9d57ce6b)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2a9d57ce6b advisory. This update fixes CVE-2025-52885 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

[SECURITY] [DSA 6303-1] varnish security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6303-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 27, 2026 https://www.debian.org/security/faq -...

EUVD-2026-32622

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to cause denial of service due to insufficient validation...

Improper Validation of Specified Index, Position, or Offset in Input

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input in the SandboxNodeVisitor that allows toString policy bypass via Traversable in join/replace filte...

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via cached template security decisions in the sandbox implementation. An attacker can bypass sandbox filter, tag, and function restrictions...