Fortra GoAnywhere Managed File Transfer (MFT) < 7.10.0 Multiple Vulnerabilities

According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote host is prior to 7.10.0. It is, therefore, affected by multiple vulnerabilities, including: - The login limit is not enforced on the SFTP service if the Web User is configured...

RHEL 9 : 389-ds-base (RHSA-2026:26452)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26452 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server a...

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 (7276597)

The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7276597 advisory. - IBM WebSphere Application Server could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications. CWE:...

Python Library OpenEXR 3.4.x < 3.4.12 Multiple Vulnerabilities

The version of the OpenEXR Python package installed on the remote host is 3.4.x prior to 3.4.12. It is, therefore, affected by multiple vulnerabilities: - An integer overflow in htundoimpl in src/lib/OpenEXRCore/internalht.cpp leads to a heap-buffer-overflow when decoding a crafted HTJ2K-compress...

PT-2026-50537

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description An injection issue exists in the NGINX configuration generator component of NGINX Gateway Fabric when NGINX Plus or NGINX Open Source is used as the data plane. User-supplied...

Fedora 43 : tig (2026-28df92c223)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-28df92c223 advisory. Fix editor command injection vulnerability only affectsversion 2.6.0. 1432 https://github.com/jonas/tig/issues/1432 Tenable has extracted the preceding...

RockyLinux 8 : libpng12 (RLSA-2026:26348)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26348 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 Tenable has extracted the preceding description block directly from t...

Linux Distros Unpatched Vulnerability : CVE-2026-6009

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution RCE, potentially allowing code execution on the affected system...

Linux Distros Unpatched Vulnerability : CVE-2026-12447

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...

Linux Distros Unpatched Vulnerability : CVE-2026-53615

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Integer Overflow or Wraparound in libblkid/src/partitions/dos.c CVE-2026-53615 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-12291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and...

openSUSE 16 Security Update : neonmodem (openSUSE-SU-2026:20963-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20963-1 advisory. Changes in neonmodem: - Update golang.org/x/net dependency to v0.55.0 due to bsc1267193 - Update golang.org/x/image dependency to v0.38.0 due to...

Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8440-1)

"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8440-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the...

RHEL 9 : kernel (RHSA-2026:26515)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26515 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: use dstdevrcu in...

openSUSE 16 Security Update : python-python-dotenv (openSUSE-SU-2026:20952-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20952-1 advisory. This update for python-python-dotenv fixes the following issue: - CVE-2026-28684: Prior to version 1.2.2, setkey and unsetkey in python-dotenv follow...

Photon OS 5.0: Nginx PHSA-2026-5.0-0857

An update of the nginx package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0857. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

MiracleLinux 8 : postfix-3.5.8-8.el8_10 (AXSA:2026-789:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-789:01 advisory. postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 Tenable has extracted the preceding description block directly from the MiracleLin...

RockyLinux 8 : postfix (RLSA-2026:25932)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25932 advisory. postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 Tenable has extracted the preceding description block directly from the RockyLinux...

PT-2026-50449

In JazzCore python-pdfkit 1.0.0, the from string method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files...

RockyLinux 9 : postfix (RLSA-2026:26205)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26205 advisory. postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 Tenable has extracted the preceding description block directly from the RockyLinux...