PT-2026-50583

Summary The API endpoint POST /api/v1/repos/owner/repo/forks only checks IsOrgMember when a user forks a repository into an organization, but does not check CanCreateOrgRepo. The web UI fork handler correctly checks both. This allows a read-only organization member — in a team with can create org...

PT-2026-50603

Impact The getLoginRedirect method contains a weakness to backslash bypasses allowing redirect targets with attacker controlled hostnames. Patches 3.3.6 and 4.1.1 contain a fix for this issue. Workarounds If you are unable to upgrade, you should consider adding application validation to the...

PT-2026-50600

Summary org.hl7.fhir.utilities.XsltUtilities exposes two parallel families of XSLT transform helpers. The transform... overloads obtain their TransformerFactory from the project's hardened helper XMLUtil.newXXEProtectedTransformerFactory which sets ACCESS EXTERNAL DTD="" and ACCESS EXTERNAL...

PT-2026-50477

Summary The spreadsheet-import endpoint axiosRequestMake could be used as a generic HTTP proxy. Before the fix it was reachable unauthenticated, and its URL-extension allowlist was a regex tested against the full URL string, so URLs whose query string ended in .csv for example...

PT-2026-50584

Summary Many authenticated self routes under /api/v1/user/... do not enforce the public-only token restriction. As a result, a token or OAuth grant marked public-only, but otherwise carrying the route-required read/write scope category, can access or modify private account resources through self...

PT-2026-50510

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform': make att1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes...

Photon OS 4.0: Nghttp2 PHSA-2026-4.0-1002

An update of the nghttp2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1002. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

ImageMagick < 6.9.13-49 / 7.x < 7.1.2-24 Multiple Vulnerabilities

The remote host has a version of ImageMagick installed that is prior to 6.9.13-49 or 7.x prior to 7.1.2-24. It is, therefore, affected by multiple vulnerabilities: - A crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. CVE-2026-48734 - An infinite loop ...

Fedora 44 : tig (2026-5cb64cc909)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5cb64cc909 advisory. Fix editor command injection vulnerability only affectsversion 2.6.0. 1432 https://github.com/jonas/tig/issues/1432 Tenable has extracted the preceding...

Security Updates for Microsoft Office Products (June 2026) (macOS)

The version of Microsoft Office for Mac installed on the remote host is affected by multiple vulnerabilities as referenced in the june-16-2026 advisory. - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-44819, CVE-2026-44824,...

Fedora 44 : xen (2026-24b84f97af)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-24b84f97af advisory. x86 HVM I/O port list traversal XSA-491, CVE-2026-42487 domctl lock open to abuse XSA-492, CVE-2026-42489, CVE-2026-42490 Arm: Completion of memory...

Fedora 44 : perl-Protocol-HTTP2 (2026-12765c0719)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-12765c0719 advisory. This release fixes CVE-2026-10725 exhausting memory when decompressing request headers. It also improves examples. Tenable has extracted the precedi...

Fedora 44 : openslide (2026-e31dda6e44)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e31dda6e44 advisory. Fix arbitrary memory write with crafted Ventana BIF file CVE-2026-48977. Tenable has extracted the preceding description block directly from the Fedora...

PUFFERDOS: Efficient and Effective Attack String Generation for Regular Expression Denial of Service Vulnerabilities

ReDoS attacks constitute a critical class of resource-exhaustion vulnerabilities. In such attacks, adversaries exploit the pathological worst-case execution behavior of regular expression regex engines to induce highly asymmetric computational workloads, ultimately exhausting system resources and...

Hitachi Energy RTU500 Integer Overflow or Wraparound (CVE-2026-25210)

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation, primarily causing Denial of Service and potentially confidentiality and integrity impact to the product. Product is only...

Bosch Security Systems IP Cameras Improper Input Validation (CVE-2021-23853)

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2026-32778)

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit...

RHCOS 4 : OpenShift Container Platform 4.18.44 (RHSA-2026:25180)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25180 advisory. - net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 - crypto/x509: crypto/tls: golang: Go: Denial of Servi...

Oracle Linux 8 : libxml2 (ELSA-2026-26354)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26354 advisory. 2.9.7-21.5 - Fix CVE-2024-34459 RHEL-36405 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

Bosch Security Systems IP Cameras Improper Authentication (CVE-2021-23847)

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and...