Linux Distros Unpatched Vulnerability : CVE-2026-49271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offse...

Linux Distros Unpatched Vulnerability : CVE-2026-46862

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Router product of Oracle MySQL component: Router: General. Supported versions that are affected are 8.4.0-8.4.9 and 9.0.0-9.7.0. Easi...

Linux Distros Unpatched Vulnerability : CVE-2026-56367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB PSD v2 RLE decoding path ReadPSDChannelRLE in coders/psd.c that...

Fedora 44 : kubernetes1.35 (2026-b56d6f4b79)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b56d6f4b79 advisory. - Update to release v1.35.6 - Resolves: rhbz2467606 - Upstream fixes Tenable has extracted the preceding description block directly from the Fedora security...

Linux Distros Unpatched Vulnerability : CVE-2026-52911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the...

Fedora 43 : alertmanager (2026-1ad4561f49)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1ad4561f49 advisory. Update to 0.33.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Fedora 44 : ansible-core (2026-7f70f809f0)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7f70f809f0 advisory. - Mitigates CVE-2026-11332 rhbz2485397 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

Fedora 43 : mingw-SDL2_image (2026-bc38ebdf4c)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bc38ebdf4c advisory. Update to SDL2image 2.8.12, fixes CVE-2026-35444. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

MongoDB-backed Spring Batch jobs and more in Spring Boot 4.1

Spring Batch was introduced many years before MongoDB existed, and its design assumed the presence of a SQL database in which to store the state of Spring Batch jobs. But that was decades ago, and a common question for anyone new to Spring Batch was, "Why does this thing need to talk to a SQL...

Linux Distros Unpatched Vulnerability : CVE-2026-56406

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse. CVE-2026-56406 Note that Nessus relies o...

Linux Distros Unpatched Vulnerability : CVE-2026-56408

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 has an integer overflow in copyString. CVE-2026-56408 Note that Nessus relies on the presence of the package as reported by the vendor...

Linux Distros Unpatched Vulnerability : CVE-2026-56411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations. CVE-2026-56411 Note that Nessus relies on the presence of th...

Linux Distros Unpatched Vulnerability : CVE-2026-56412

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in...

Linux Distros Unpatched Vulnerability : CVE-2026-56410

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId. CVE-2026-56410 Note that Nessus relies on the presence of the package as reported by...

Linux Distros Unpatched Vulnerability : CVE-2026-56403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 has an integer overflow in storeAtts. CVE-2026-56403 Note that Nessus relies on the presence of the package as reported by the vendor...

Linux Distros Unpatched Vulnerability : CVE-2026-56409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used. CVE-2026-56409 Note that Nessus relies on the presence...

Linux Distros Unpatched Vulnerability : CVE-2026-56407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. CVE-2026-56407 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-56404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 has an integer overflow in addBinding. CVE-2026-56404 Note that Nessus relies on the presence of the package as reported by the vendor...

MiracleLinux 8 : [security - high] postgresql:15, postgresql-15.18-1.module+el8+1991+27afe6d7 (AXSA:2026-811:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-811:01 advisory. postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause...

RHEL 8 : kernel (RHSA-2026:27353)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27353 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free ...