Linux Distros Unpatched Vulnerability : CVE-2026-12292

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird...

Linux Distros Unpatched Vulnerability : CVE-2026-12308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. CVE-2026-12308...

Linux Distros Unpatched Vulnerability : CVE-2026-12311

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbi...

Linux Distros Unpatched Vulnerability : CVE-2026-12296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird...

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 (7276600)

The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7276600 advisory. - IBM WebSphere Application Server is vulnerable to server-side request forgery SSRF with the Ajax Proxy configured. This may allow an attacker to send...

Linux Distros Unpatched Vulnerability : CVE-2026-12307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. CVE-2026-12307...

MinIO RELEASE.2022-07-24T01-54-52Z < RELEASE.2026-04-14T21-32-45Z Path Traversal (CVE-2026-42600)

The version of MinIO installed on the remote host is RELEASE.2022-07-24T01-54-52Z or later but prior to RELEASE.2026-04-14T21-32-45Z. It is, therefore, affected by a path traversal vulnerability: - A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a...

Fortra GoAnywhere Managed File Transfer (MFT) < 7.10.0 Multiple Vulnerabilities

According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote host is prior to 7.10.0. It is, therefore, affected by multiple vulnerabilities, including: - The login limit is not enforced on the SFTP service if the Web User is configured...

RHEL 9 : 389-ds-base (RHSA-2026:26452)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26452 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server a...

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 (7276597)

The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7276597 advisory. - IBM WebSphere Application Server could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications. CWE:...

Python Library OpenEXR 3.4.x < 3.4.12 Multiple Vulnerabilities

The version of the OpenEXR Python package installed on the remote host is 3.4.x prior to 3.4.12. It is, therefore, affected by multiple vulnerabilities: - An integer overflow in htundoimpl in src/lib/OpenEXRCore/internalht.cpp leads to a heap-buffer-overflow when decoding a crafted HTJ2K-compress...

PT-2026-50537

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description An injection issue exists in the NGINX configuration generator component of NGINX Gateway Fabric when NGINX Plus or NGINX Open Source is used as the data plane. User-supplied...

Fedora 43 : tig (2026-28df92c223)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-28df92c223 advisory. Fix editor command injection vulnerability only affectsversion 2.6.0. 1432 https://github.com/jonas/tig/issues/1432 Tenable has extracted the preceding...

RockyLinux 8 : libpng12 (RLSA-2026:26348)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26348 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 Tenable has extracted the preceding description block directly from t...

Linux Distros Unpatched Vulnerability : CVE-2026-6009

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution RCE, potentially allowing code execution on the affected system...

Linux Distros Unpatched Vulnerability : CVE-2026-12447

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...

Linux Distros Unpatched Vulnerability : CVE-2026-53615

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Integer Overflow or Wraparound in libblkid/src/partitions/dos.c CVE-2026-53615 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-12291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and...

Linux Distros Unpatched Vulnerability : CVE-2026-12452

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted...

📄 dedoc/scramble 0.13.2 Remote Code Execution

This is a Metasploit exploit module for CVE-2026-44262, an unauthenticated remote code execution vulnerability in the Laravel-based tool dedoc/scramble. ================================================================================================================================== | Title :...