Linux Distros Unpatched Vulnerability : CVE-2026-12458

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect security UI in Passwords. CVE-2026-12458 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C...

Linux Distros Unpatched Vulnerability : CVE-2026-12446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Passwords. CVE-2026-12446 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 ...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : rabbitmq-c vulnerabilities (USN-8437-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8437-1 advisory. It was discovered that rabbitmq-c exposed credentials in command-line arguments under certain circumstances. A local...

Fedora 45 : krita (2026-4084e20f7e)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4084e20f7e advisory. Automatic update for krita-6.0.2.1-1.fc45. Changelog Wed Jun 17 2026 Than Ngo - 6.0.2.1-1 - Fix rhbz2481429, Update to 6.0.2.1 - Fix rhbz2476570,...

Linux Distros Unpatched Vulnerability : CVE-2026-12310

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. CVE-2026-12310...

RHEL 10 : 389-ds-base (RHSA-2026:26456)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26456 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server...

RHEL 9 : firefox (RHSA-2026:26493)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26493 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.28 RCE (7276560)

The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7276560 advisory. - IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, when using Intelligent Management with the...

Fedora 44 : nextcloud (2026-86fab2703b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-86fab2703b advisory. 33.0.5 Release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 (7276597)

The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7276597 advisory. - IBM WebSphere Application Server could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications. CWE:...

Linux Distros Unpatched Vulnerability : CVE-2026-53612

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Local Privilege Escalation via TOCTOU in mount8 hookowner.c chmod/chown CVE-2026-53612 Note that Nessus relies o...

RockyLinux 8 : libpng15 (RLSA-2026:26347)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26347 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 Tenable has extracted the preceding description block directly from t...

Traefik 2.x < 2.11.48 / 3.x < 3.6.19 / 3.7.x < 3.7.3 Authentication Bypass (CVE-2026-48020)

The version of Traefik installed on the remote macOS host is 2.x prior to 2.11.48, 3.x prior to 3.6.19, or 3.7.x prior to 3.7.3. It is, therefore, affected by an authentication bypass vulnerability: - The StripPrefix middleware allows unauthenticated attackers to bypass route-level authentication...

Fortra GoAnywhere Managed File Transfer (MFT) < 7.10.0 Multiple Vulnerabilities

According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote host is prior to 7.10.0. It is, therefore, affected by multiple vulnerabilities, including: - The login limit is not enforced on the SFTP service if the Web User is configured...

ConnectWise ScreenConnect < 26.2 Improper Input Validation (CVE-2026-11596)

According to its version, the ConnectWise ScreenConnect remote access software installed on the remote host is prior to 26.2. It is, therefore, affected by an improper input validation vulnerability: - Input validation within the Host Pass creation functionality could allow an authenticated user...

Linux Distros Unpatched Vulnerability : CVE-2026-53613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - upstream upgrade with security fixes: - CVE-2026-53612 - libmount: TOCTOU attack via ancestor directory swap during mount - CVE-2026-53613 - libmount: SUID bypa...

Fedora 43 : nextcloud (2026-cb3feafe41)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cb3feafe41 advisory. 33.0.5 Release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

RockyLinux 8 : hplip (RLSA-2026:26335)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26335 advisory. HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection CVE-2026-8632 HPLIP: HPLIP: Arbitrary code...

MinIO RELEASE.2022-07-24T01-54-52Z < RELEASE.2026-04-14T21-32-45Z Path Traversal (CVE-2026-42600)

The version of MinIO installed on the remote host is RELEASE.2022-07-24T01-54-52Z or later but prior to RELEASE.2026-04-14T21-32-45Z. It is, therefore, affected by a path traversal vulnerability: - A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a...

Linux Distros Unpatched Vulnerability : CVE-2026-12466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page...