Python Library OpenEXR 3.4.x < 3.4.12 Multiple Vulnerabilities

The version of the OpenEXR Python package installed on the remote host is 3.4.x prior to 3.4.12. It is, therefore, affected by multiple vulnerabilities: - An integer overflow in htundoimpl in src/lib/OpenEXRCore/internalht.cpp leads to a heap-buffer-overflow when decoding a crafted HTJ2K-compress...

RHCOS 4 : OpenShift Container Platform 4.18.44 (RHSA-2026:25180)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25180 advisory. - net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 - crypto/x509: crypto/tls: golang: Go: Denial of Servi...

RHEL 9 : kernel-rt (RHSA-2026:26462)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26462 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

RockyLinux 9 : podman (RLSA-2026:26447)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26447 advisory. crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32281 crypto/tls: golang: Go crypto/tls:...

RHEL 8 : kernel (RHSA-2026:26563)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26563 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: geneve: Fix use-after-free in...

PT-2026-50473

Summary The spreadsheet-fetch endpoint axiosRequestMake accepted URLs whose path contained a permitted extension anywhere in the string, and applied a hand-rolled regex blocklist that omitted 127.0.0.0/8 and 169.254.0.0/16, allowing the cloud-metadata endpoint to be reached with a crafted URL...

Linux Distros Unpatched Vulnerability : CVE-2026-12314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

PT-2026-50568

Name of the Vulnerable Software and Affected Versions Steeltoe.Configuration.Encryption versions 4.0.0 through 4.1.0 Description Steeltoe is an open source project providing libraries for building cloud-native applications. An issue exists where configuring the encrypt:rsa:algorithm variable with...

httpd:2.4 security update

httpd 2.4.37-65.0.1.8 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-65.8 - Resolves: RHEL-173558 - httpd:2.4/httpd: Apache HTTP Server modproxyajp: Arbitrary code execution via heap-based buffer overflow CVE-2026-28780 - Resolves: RHEL-175074 - httpd:2.4/httpd: NULL pointe...

dracut security update

049-244.git20260529.0.1 - Refactor getucodefile Orabug: 36989953 - Revert the fixes for bugs 33676753 and 33888951 due to regressions Orabug: 35656614 - Fix typo in orabug33888951-dracut-Enable-the-code-to-create-ifcfg-file.patch Orabug: 35268918 - Enable the code to create ifcfg file Orabug:...

PUFFERDOS: Efficient and Effective Attack String Generation for Regular Expression Denial of Service Vulnerabilities

ReDoS attacks constitute a critical class of resource-exhaustion vulnerabilities. In such attacks, adversaries exploit the pathological worst-case execution behavior of regular expression regex engines to induce highly asymmetric computational workloads, ultimately exhausting system resources and...

PT-2026-50557

Name of the Vulnerable Software and Affected Versions marimo versions prior to 0.23.9 Description A reflected cross-site scripting issue exists in the notebook page. Unauthenticated attackers can inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query...

Fedora 44 : bird (2026-8f225adf49)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8f225adf49 advisory. BIRD 3.3.1 2026-06-09 BGP: Fix crash when incoming connection for disabled protocol arrives BGP: Fix parsing labelled NLRIs with no next hop BGP: Fix cork...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS : OpenImageIO vulnerabilities (USN-8438-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8438-1 advisory. It was discovered that OpenImageIO incorrectly performed bounds checking when processing SGI files. An...

VulnCheck KEV: CVE-2026-27760

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...

Linux Distros Unpatched Vulnerability : CVE-2026-12457

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Extensions. CVE-2026-12457 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900...

Linux Distros Unpatched Vulnerability : CVE-2026-12289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152,...

Linux Distros Unpatched Vulnerability : CVE-2026-53615

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Integer Overflow or Wraparound in libblkid/src/partitions/dos.c CVE-2026-53615 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-12438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process t...

Linux Distros Unpatched Vulnerability : CVE-2026-12452

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted...