Bosch Security Systems IP Cameras Cross-site Scripting (CVE-2021-23848)

An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting XSS in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user. This plugin only works with...

Photon OS 5.0: Libssh2 PHSA-2026-5.0-0857

An update of the libssh2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0857. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Squid vulnerabilities (USN-8435-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8435-1 advisory. It was discovered that Squid incorrectly handled FTP gateway processing under certain circumstances, which could result i...

PT-2026-50556

Name of the Vulnerable Software and Affected Versions Steeltoe.Management.Endpoint versions prior to 4.2.0 Steeltoe.Management.EndpointCore versions prior to 3.4.0 Description The Sanitizer component in the Environment actuator redacts configuration values by matching key names against a suffix...

Linux Distros Unpatched Vulnerability : CVE-2026-12318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12318 Note that Nessu...

Oracle Linux 8 : libpng12 (ELSA-2026-26348)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-26348 advisory. 1.2.57-7 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161345 Tenable has extracted the preceding description blo...

Fedora 44 : ldns (2026-1c6479b257)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1c6479b257 advisory. Update to 1.9.2 for CVE-2026-10846 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

RockyLinux 9 : hplip (RLSA-2026:26297)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26297 advisory. HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection CVE-2026-8632 HPLIP: HPLIP: Arbitrary code...

Debian dsa-6348 : gsasl - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6348 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6348-1 [email protected] https://www.debian.org/security/ Moritz...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS : OpenImageIO vulnerabilities (USN-8438-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8438-1 advisory. It was discovered that OpenImageIO incorrectly performed bounds checking when processing SGI files. An...

Photon OS 4.0: Python3 PHSA-2026-4.0-1018

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1018. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-12322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12322 Note that Nessus relies on the...

PT-2026-50478

Summary POST /api/v1/calendars/events/event id/update validates that the caller has write access to the calendar the event currently belongs to, but does not validate the destination calendar id supplied in the request body. The model layer then persists the new calendar id unconditionally. A...

RHEL 9 : 389-ds-base (RHSA-2026:26464)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26464 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server a...

Oracle Linux 8 : rsync (ELSA-2026-26408)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26408 advisory. - Integer overflow in compressed-token decoding CVE-2026-43618 Tenable has extracted the preceding description block directly from the Oracle Linux...

RockyLinux 9 : rsync (RLSA-2026:26410)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26410 advisory. rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding CVE-2026-43618 rsync: TOCTOU symlink race condition allowing...

RockyLinux 8 : openssl (RLSA-2026:26275)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26275 advisory. openssl: Use After Free with SSLfreebuffers CVE-2024-4741 openssl: Heap Use-After-Free in OpenSSL PKCS7verify CVE-2026-45447 Tenable has extracted the...

openSUSE 16 Security Update : cyrus-imapd (openSUSE-SU-2026:20962-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20962-1 advisory. Changes in cyrus-imapd: - cyrus-imapd don't start because of missing Requires=var-run.mount from systemd bsc1251788 Remove var-run.mount from...

RockyLinux 8 : rsync (RLSA-2026:26408)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26408 advisory. rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding CVE-2026-43618 rsync: TOCTOU symlink race condition allowing...

Linux Distros Unpatched Vulnerability : CVE-2026-12466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page...