PUFFERDOS: Efficient and Effective Attack String Generation for Regular Expression Denial of Service Vulnerabilities

ReDoS attacks constitute a critical class of resource-exhaustion vulnerabilities. In such attacks, adversaries exploit the pathological worst-case execution behavior of regular expression regex engines to induce highly asymmetric computational workloads, ultimately exhausting system resources and...

PT-2026-50557

Name of the Vulnerable Software and Affected Versions marimo versions prior to 0.23.9 Description A reflected cross-site scripting issue exists in the notebook page. Unauthenticated attackers can inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query...

openSUSE 16 Security Update : libXpm (openSUSE-SU-2026:20953-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20953-1 advisory. This update for libXpm fixes the following issue: - CVE-2026-4367: out-of-bounds read in xpmNextWord bsc1260928. Tenable has extracted the preceding...

Linux Distros Unpatched Vulnerability : CVE-2026-12455

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to...

Linux Distros Unpatched Vulnerability : CVE-2026-12462

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code...

FreeBSD : chromium -- security fixes (cffe1232-e4b3-4c72-8b4c-6a8298c9b289)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the cffe1232-e4b3-4c72-8b4c-6a8298c9b289 advisory. Chrome Releases reports: This update includes 33 security fixes: Tenable has extracted the...

Linux Distros Unpatched Vulnerability : CVE-2026-12468

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a...

Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8440-1)

"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8440-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the...

Linux Distros Unpatched Vulnerability : CVE-2026-12445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-12466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-12452

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted...

Linux Distros Unpatched Vulnerability : CVE-2026-12457

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Extensions. CVE-2026-12457 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900...

RockyLinux 9 : hplip (RLSA-2026:26297)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26297 advisory. HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection CVE-2026-8632 HPLIP: HPLIP: Arbitrary code...

Linux Distros Unpatched Vulnerability : CVE-2026-12469

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromi...

Linux Distros Unpatched Vulnerability : CVE-2026-12446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Passwords. CVE-2026-12446 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 ...

RockyLinux 9 : valkey (RLSA-2026:25925)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25925 advisory. redis: use-after-free in unblock client flow may allow remote code execution CVE-2026-23479 redis: Remote code execution via use-after-free in Lua...

RHEL 8 : 389-ds:1.4 (RHSA-2026:26454)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26454 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server a...

Linux Distros Unpatched Vulnerability : CVE-2026-12312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

RHEL 9 : 389-ds-base (RHSA-2026:26455)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26455 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server a...

Linux Distros Unpatched Vulnerability : CVE-2026-12327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corrupti...