FreeBSD : Routinator -- CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (e7be3859-6a58-11f1-bf61-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e7be3859-6a58-11f1-bf61-3c7c3fba4204 advisory. https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49233.txt reports: Routinator does not properly...

Linux Distros Unpatched Vulnerability : CVE-2026-48979

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP Standard Library PSL is set of APIs covering async, collections, networking, I/O, cryptography, terminal UI, etc. In versions 6.1.0, 6.1.1 and 6.2.0, the...

RHEL 7 : firefox (RHSA-2026:26551)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26551 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

MiracleLinux 8 : openssl-1.1.1k-16.el8_6 (AXSA:2026-792:09)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-792:09 advisory. openssl: Use After Free with SSLfreebuffers CVE-2024-4741 openssl: Heap Use-After-Free in OpenSSL PKCS7verify CVE-2026-45447 Tenable has extracted th...

Linux Distros Unpatched Vulnerability : CVE-2026-46869

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Dump and Load. Supported versions that are affected are 8.4.0-8.4.9 and 9.0.0-9.7.0...

Linux Distros Unpatched Vulnerability : CVE-2026-56132

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there i...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : kitty vulnerabilities (USN-8442-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8442-1 advisory. It was discovered that kitty incorrectly handled certain image data. An attacker able to write to the...

Fedora 45 : python-mistune (2026-182b5d52c9)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-182b5d52c9 advisory. Automatic update for python-mistune-3.2.1-1.fc45. Changelog Thu Jun 18 2026 Miro Hronok - 3.2.1-1 - Update to 3.2.1 - Security fix for CVE-2026-44898 - Fixes...

Ubuntu 26.04 LTS : GStreamer Bad Plugins vulnerabilities (USN-8446-1)

The remote Ubuntu 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8446-1 advisory. It was discovered that GStreamer Bad Plugins incorrectly handled parsing H.266/VVC picture partition data. An attacker could use this issue to cause...

MiracleLinux 8 : webkit2gtk3-2.52.4-1.el8_10.ML.1 (AXSA:2026-799:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-799:03 advisory. webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2026-28946 webkitgtk: Processing maliciously crafted...

MiracleLinux 8 : dracut-049-244.git20260529.el8_10 (AXSA:2026-806:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-806:01 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

SUSE SLES15 Security Update : distribution (SUSE-SU-2026:2413-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2413-1 advisory. This update for distribution rebuilds it against the current go security release. Tenable has extracted the preceding description block...

Photon OS 5.0: Libpng PHSA-2026-5.0-0883

An update of the libpng package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0883. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-56210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding...

Linux Distros Unpatched Vulnerability : CVE-2026-40181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open...

Fedora 44 : perl-GD (2026-263adf0222)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-263adf0222 advisory. This update fixes a command injection issue resulting from the use of the 2-argument form of open CVE-2026-11526. Tenable has extracted the preceding...

Linux Distros Unpatched Vulnerability : CVE-2026-46815

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily...

Linux Distros Unpatched Vulnerability : CVE-2026-46877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily...

SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2026:2428-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:2428-1 advisory. - CVE-2026-44988: Fixed missing validation of rectangle width in tight gradient decoding can lead to server-triggered out-of-bounds write bsc1266459...

RockyLinux 10 : hplip (RLSA-2026:26228)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26228 advisory. HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection CVE-2026-8632 HPLIP: HPLIP: Arbitrary code...