Photon OS 5.0: Libssh2 PHSA-2026-5.0-0857

An update of the libssh2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0857. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Squid vulnerabilities (USN-8435-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8435-1 advisory. It was discovered that Squid incorrectly handled FTP gateway processing under certain circumstances, which could result i...

PT-2026-50556

Name of the Vulnerable Software and Affected Versions Steeltoe.Management.Endpoint versions prior to 4.2.0 Steeltoe.Management.EndpointCore versions prior to 3.4.0 Description The Sanitizer component in the Environment actuator redacts configuration values by matching key names against a suffix...

Linux Distros Unpatched Vulnerability : CVE-2026-12318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12318 Note that Nessu...

Fedora 44 : ldns (2026-1c6479b257)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1c6479b257 advisory. Update to 1.9.2 for CVE-2026-10846 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

RockyLinux 9 : hplip (RLSA-2026:26297)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26297 advisory. HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection CVE-2026-8632 HPLIP: HPLIP: Arbitrary code...

Debian dsa-6348 : gsasl - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6348 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6348-1 [email protected] https://www.debian.org/security/ Moritz...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS : OpenImageIO vulnerabilities (USN-8438-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8438-1 advisory. It was discovered that OpenImageIO incorrectly performed bounds checking when processing SGI files. An...

PT-2026-50478

Summary POST /api/v1/calendars/events/event id/update validates that the caller has write access to the calendar the event currently belongs to, but does not validate the destination calendar id supplied in the request body. The model layer then persists the new calendar id unconditionally. A...

Oracle Linux 8 : rsync (ELSA-2026-26408)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26408 advisory. - Integer overflow in compressed-token decoding CVE-2026-43618 Tenable has extracted the preceding description block directly from the Oracle Linux...

RockyLinux 9 : rsync (RLSA-2026:26410)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26410 advisory. rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding CVE-2026-43618 rsync: TOCTOU symlink race condition allowing...

RockyLinux 8 : openssl (RLSA-2026:26275)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26275 advisory. openssl: Use After Free with SSLfreebuffers CVE-2024-4741 openssl: Heap Use-After-Free in OpenSSL PKCS7verify CVE-2026-45447 Tenable has extracted the...

openSUSE 16 Security Update : cyrus-imapd (openSUSE-SU-2026:20962-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20962-1 advisory. Changes in cyrus-imapd: - cyrus-imapd don't start because of missing Requires=var-run.mount from systemd bsc1251788 Remove var-run.mount from...

RockyLinux 8 : rsync (RLSA-2026:26408)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26408 advisory. rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding CVE-2026-43618 rsync: TOCTOU symlink race condition allowing...

Linux Distros Unpatched Vulnerability : CVE-2026-12466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

Oracle Linux 8 : openssl (ELSA-2026-26275)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26275 advisory. - Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify Resolves: RHEL-180978 Tenable has extracted the preceding description block directly...

PT-2026-50583

Summary The API endpoint POST /api/v1/repos/owner/repo/forks only checks IsOrgMember when a user forks a repository into an organization, but does not check CanCreateOrgRepo. The web UI fork handler correctly checks both. This allows a read-only organization member — in a team with can create org...

Linux Distros Unpatched Vulnerability : CVE-2026-12303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

RHEL 8 : postgresql:15 (RHSA-2026:26561)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26561 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Operating system accou...

RHEL 9 : postgresql:16 (RHSA-2026:26525)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26525 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Operating system accou...