SUSE CVE-2026-12050

SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...

kernel: Buffer overflow in drivers/xen/sys-hypervisor.c

A flaw was found in the Linux kernel. A buffer overflow vulnerability exists in the Xen hypervisor driver drivers/xen/sys-hypervisor.c. This flaw occurs because the HYPERVISORxenversionXENVERbuildid function returns a build ID that is not properly null-terminated. When the buildidshow function...

Linux Distros Unpatched Vulnerability : CVE-2026-43994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t...

Linux Distros Unpatched Vulnerability : CVE-2026-48818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as...

Linux Distros Unpatched Vulnerability : CVE-2026-48988

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to quadratic On^2...

Linux Distros Unpatched Vulnerability : CVE-2026-12199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in nltk.app.wordnetapp up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its...

Linux Distros Unpatched Vulnerability : CVE-2026-53488

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - containerd - None Ubuntu Linux - Unknown description CVE-2026-53488 Note that Nessus relies on the presence of the package as reported by the...

RHEL 7 : libexif (RHSA-2026:26567)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26567 advisory. The libexif packages provide a library for extracting extra information from image files. Security Fixes: libexif: libexif: Information...

Linux Distros Unpatched Vulnerability : CVE-2026-47262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - containerd image-triggered runtime DoS via unbounded group parsing CVE-2026-47262 Note that Nessus relies on the presence of the package as reported by the...

Fedora 43 : vorbis-tools (2026-cbf4cd18d1)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cbf4cd18d1 advisory. CVE-2026-34253 - fix arbitrary code execution via buffer underflow Tenable has extracted the preceding description block directly from the Fedora security...

Fedora 43 : perl-HTTP-Daemon (2026-f276b2154e)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f276b2154e advisory. Changes: 6.17 2026-05-19 23:11:06Z - Fix CVE-2026-8450 affects 6.15 and earlier: 2-arg open in sendfile enabled RCE / arbitrary file write / response-body...

RockyLinux 8 : dracut (RLSA-2026:26534)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26534 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

SUSE SLES16 Security Update : editorconfig-core-c (SUSE-SU-2026:22125-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:22125-1 advisory. This update for editorconfig-core-c fixes the following issue: - CVE-2026-40489: lpattern buffer overflow bsc1262131. Tenable has extracted...

SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2026:2420-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2420-1 advisory. This update for container-suseconnect rebuilds it against the current go security release. Tenable has extracted the preceding description...

RHEL 8 : dracut (RHSA-2026:26534)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26534 advisory. The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Config-IniFiles vulnerability (USN-8445-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8445-1 advisory. It was discovered that Config-IniFiles incorrectly handled the -file argument in certain situations. An attacker could possibly us...

Linux Distros Unpatched Vulnerability : CVE-2026-46825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily...

SUSE SLES15 Security Update : ffmpeg-4 (SUSE-SU-2026:2444-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2444-1 advisory. This update for ffmpeg-4 fixes the following issues Update to version 4.4.7: - CVE-2023-6601: HLS Unsafe File Extension Bypass...

Linux Distros Unpatched Vulnerability : CVE-2026-46863

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server, MySQL Cluster product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are MySQL...

Linux Distros Unpatched Vulnerability : CVE-2026-55766

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-guzzlehttp-psr7 - None CVE-2026-55766 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C...