Linux Distros Unpatched Vulnerability : CVE-2026-36849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - tiff - None Ubuntu Linux - Denial of Service via large SamplesPerPixel tag CVE-2026-36849 Note that Nessus relies on the presence of the package ...

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2026-24515)

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit...

Photon OS 5.0: Libssh2 PHSA-2026-5.0-0857

An update of the libssh2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0857. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Nova vulnerability (USN-8434-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8434-1 advisory. It was discovered that Nova did not strip internal nova-prefixed scheduler hints supplied by users on instance creation. An attack...

RHEL 8 : postgresql:15 (RHSA-2026:26561)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26561 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Operating system accou...

Oracle Linux 8 : libxslt (ELSA-2026-26355)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26355 advisory. 1.1.32-6.4.0.1 - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball 1.1.32-6.4 - Fix CVE-2025-10911 RHEL-171739 Tenable has extracted...

Linux Distros Unpatched Vulnerability : CVE-2026-12003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate...

Linux Distros Unpatched Vulnerability : CVE-2026-12451

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-12438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process t...

Debian dsa-6348 : gsasl - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6348 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6348-1 [email protected] https://www.debian.org/security/ Moritz...

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2026-32776)

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-...

Oracle Linux 8 : opencryptoki (ELSA-2026-26352)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26352 advisory. 3.22.0-3.3 - Resolves: RHEL-171558, Fix possible out-of-bounds access in BER decode functions Tenable has extracted the preceding description block directly fr...

openSUSE 16 Security Update : cyrus-imapd (openSUSE-SU-2026:20962-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20962-1 advisory. Changes in cyrus-imapd: - cyrus-imapd don't start because of missing Requires=var-run.mount from systemd bsc1251788 Remove var-run.mount from...

Fedora 44 : ldns (2026-1c6479b257)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1c6479b257 advisory. Update to 1.9.2 for CVE-2026-10846 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Security Updates for Microsoft Office Products (June 2026) (macOS)

The version of Microsoft Office for Mac installed on the remote host is affected by multiple vulnerabilities as referenced in the june-16-2026 advisory. - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-44819, CVE-2026-44824,...

Linux Distros Unpatched Vulnerability : CVE-2026-32836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drlibs drflac.h version 0.13.3 and earlier fixed in commits fefced4, 4f5a4cd, and 663239a contain an uncontrolled memory allocation vulnerability in...

RHEL 8 : 389-ds:1.4 (RHSA-2026:26463)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26463 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server a...

Linux Distros Unpatched Vulnerability : CVE-2026-12463

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Views. CVE-2026-12463 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C...

RHEL 10 : valkey (RHSA-2026:26540)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26540 advisory. Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists,...

RockyLinux 9 : valkey (RLSA-2026:25925)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25925 advisory. redis: use-after-free in unblock client flow may allow remote code execution CVE-2026-23479 redis: Remote code execution via use-after-free in Lua...