Fedora 44 : openslide (2026-e31dda6e44)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e31dda6e44 advisory. Fix arbitrary memory write with crafted Ventana BIF file CVE-2026-48977. Tenable has extracted the preceding description block directly from the Fedora...
PUFFERDOS: Efficient and Effective Attack String Generation for Regular Expression Denial of Service Vulnerabilities
ReDoS attacks constitute a critical class of resource-exhaustion vulnerabilities. In such attacks, adversaries exploit the pathological worst-case execution behavior of regular expression (regex) engines to induce highly asymmetric computational workloads, ultimately exhausting system resources and...
dedoc/scramble 0.13.2 Remote Code Execution
This is a Metasploit exploit module for CVE-2026-44262, an unauthenticated remote code execution vulnerability in the Laravel-based tool dedoc/scramble.
Hitachi Energy RTU500 Integer Overflow or Wraparound (CVE-2026-25210)
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size (bufSize) because there is no integer overflow check for tag buffer reallocation, primarily causing Denial of Service and potentially confidentiality and integrity impact to the product. Product is only...
Bosch Security Systems IP Cameras Improper Input Validation (CVE-2021-23853)
In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2026-32778)
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit...
RHCOS 4 : OpenShift Container Platform 4.18.44 (RHSA-2026:25180)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25180 advisory. - net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 - crypto/x509: crypto/tls: golang: Go: Denial of Servi...
Oracle Linux 8 : libxml2 (ELSA-2026-26354)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26354 advisory. 2.9.7-21.5 - Fix CVE-2024-34459 RHEL-36405 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Bosch Security Systems IP Cameras Improper Authentication (CVE-2021-23847)
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and...
RHEL 9 : dracut (RHSA-2026:26533)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26533 advisory. The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. The virtual...
VulnCheck KEV: CVE-2026-27760
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...
IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 / Liberty 17.0.0.3 < 26.0.0.7 (7276579)
The version of IBM WebSphere Application Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7276579 advisory. - IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling. A remote attacker could...
Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2026-24515)
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit...
Bosch Security Systems IP Cameras Uncontrolled Resource Consumption (CVE-2021-23852)
An authenticated attacker with administrator rights on Bosch IP cameras can call a URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS). This plugin only works with Tenable.ot. Please visit...
MiracleLinux 8 : dotnet9.0-9.0.118-1.el8_10 (AXSA:2026-790:10)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-790:10 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...
Linux Distros Unpatched Vulnerability : CVE-2026-12320
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12320 Note that Nessus relie...
RockyLinux 9 : fence-agents (RLSA-2026:26206)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26206 advisory. python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens CVE-2026-48526 Tenable has extracted the preceding description block directly from the...
Oracle Linux 8 : libxslt (ELSA-2026-26355)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26355 advisory. 1.1.32-6.4.0.1 - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball 1.1.32-6.4 - Fix CVE-2025-10911 RHEL-171739 Tenable has extracted...
RockyLinux 8 : openssl (RLSA-2026:26275)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26275 advisory. openssl: Use After Free with SSL_free_buffers CVE-2024-4741 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify CVE-2026-45447 Tenable has extracted the...
Fedora 44 : nextcloud (2026-86fab2703b)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-86fab2703b advisory. 33.0.5 Release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...