Fedora 44 : ansible-core (2026-7f70f809f0)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7f70f809f0 advisory. - Mitigates CVE-2026-11332 rhbz2485397 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

Linux Distros Unpatched Vulnerability : CVE-2026-56403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 has an integer overflow in storeAtts. CVE-2026-56403 Note that Nessus relies on the presence of the package as reported by the vendor...

Fedora 44 : perl-Crypt-PBKDF2 (2026-5b12cc327e)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5b12cc327e advisory. This update addresses a number of security issues: Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations t...

Linux Distros Unpatched Vulnerability : CVE-2026-56411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations. CVE-2026-56411 Note that Nessus relies on the presence of th...

Fedora 43 : mingw-SDL2_image (2026-bc38ebdf4c)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bc38ebdf4c advisory. Update to SDL2image 2.8.12, fixes CVE-2026-35444. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

Photon OS 5.0: Sqlite PHSA-2026-5.0-0889

An update of the sqlite package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0889. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 5.0: Frr PHSA-2026-5.0-0884

An update of the frr package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0884. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid32183...

Fedora 44 : perl-Config-IniFiles (2026-1c2676703e)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1c2676703e advisory. Update to 3.001000, fixes CVE-2026-11527 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

Linux Distros Unpatched Vulnerability : CVE-2025-70102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parseoption src/if-options.c:1886, t...

Debian dsa-6355 : ata-modules-6.12.90+deb13-armmp-di - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6355 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6355-1 [email protected] https://www.debian.org/securit...

Fedora 44 : yt-dlp (2026-bb702c613b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-bb702c613b advisory. - Update to 2026.06.09. Fixes rhbz2487407. - Mitigates CVE-2026-50019, CVE-2026-50023, CVE-2026-50574 Tenable has extracted the preceding descriptio...

Fedora 44 : chromium (2026-650bd96540)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-650bd96540 advisory. Update to 149.0.7827.155 CVE-2026-12437: Use after free in WebShare CVE-2026-12438: Inappropriate implementation in WebView CVE-2026-12439: Use afte...

Debian dsa-6359 : gstreamer1.0-gtk3 - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6359 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6359-1 [email protected] https://www.debian.org/securit...

Fedora 44 : xdg-desktop-portal (2026-d8f8abf763)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d8f8abf763 advisory. Update to 1.22.1 It fixes CVE-2026-55888 and CVE-2026-55889. Tenable has extracted the preceding description block directly from the Fedora security...

MongoDB-backed Spring Batch jobs and more in Spring Boot 4.1

Spring Batch was introduced many years before MongoDB existed, and its design assumed the presence of a SQL database in which to store the state of Spring Batch jobs. But that was decades ago, and a common question for anyone new to Spring Batch was, "Why does this thing need to talk to a SQL...

MAL-2026-6244 Malicious code in d0rk3r-telemetry (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da4542d225ef144ecc5df2f578104ffc12659196c57b2214ecb54f60620601c6 On import d0rk3rtelemetry, the package spawns a background thread that reads installer-owned secrets and POSTs them to an attacker-controlled endpoin...

Malicious code in d0rk3r-telemetry (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da4542d225ef144ecc5df2f578104ffc12659196c57b2214ecb54f60620601c6 On import d0rk3rtelemetry, the package spawns a background thread that reads installer-owned secrets and POSTs them to an attacker-controlled endpoin...

Malicious code in free-anthropic-claude (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11bfe96b56a6615a50639b25de793e14044ea393c2029b26fa4e1b9e3dc5a22f This package impersonates the Anthropic Claude SDK name and description claim to be an 'Official Anthropic Claude SDK wrapper', author is...

MAL-2026-6260 Malicious code in free-anthropic-claude (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11bfe96b56a6615a50639b25de793e14044ea393c2029b26fa4e1b9e3dc5a22f This package impersonates the Anthropic Claude SDK name and description claim to be an 'Official Anthropic Claude SDK wrapper', author is...

explotability_analysis_ebpf

eBPF Verifier Exploit Research — s344024 Romano Simone Resear...