Photon OS 5.0: Libsolv PHSA-2026-5.0-0886

An update of the libsolv package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0886. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-48821

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting XSS vulnerability in the Thumbnail Synchronizer...

Linux Distros Unpatched Vulnerability : CVE-2026-44587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CarrierWave is a framework to upload files from Ruby applications. In versions prior to 2.2.7 and 3.1.3, the contenttypedenylist check fails to escape regex...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Graphite vulnerability (USN-8444-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8444-1 advisory. It was discovered that Graphite incorrectly handled memory when running certain actions. An attacker could use this issue to cause...

SUSE SLES15 Security Update : containerized-data-importer (SUSE-SU-2026:2407-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2407-1 advisory. This update for containerized-data-importer rebuilds the current sources against latest go security release and the images against the lates...

Photon OS 5.0: Ruby PHSA-2026-5.0-0882

An update of the ruby package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0882. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

MiracleLinux 8 : openssl-1.1.1k-16.el8_6 (AXSA:2026-792:09)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-792:09 advisory. openssl: Use After Free with SSLfreebuffers CVE-2024-4741 openssl: Heap Use-After-Free in OpenSSL PKCS7verify CVE-2026-45447 Tenable has extracted th...

RHEL 7 : firefox (RHSA-2026:26551)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26551 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Linux Distros Unpatched Vulnerability : CVE-2026-46869

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Dump and Load. Supported versions that are affected are 8.4.0-8.4.9 and 9.0.0-9.7.0...

Oracle Linux 8 : xorg-x11-server (ELSA-2026-26709)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26709 advisory. 1.20.11-28.2 - Other security related fixes Resolves: https://redhat.atlassian.net/browse/RHEL-184289 1.20.11-28.1 - CVE fix for: CVE-2026-50256,...

Fedora 44 : perl-Net-Statsd (2026-9c71664439)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9c71664439 advisory. Metric names and values are now validated to ensure they do not contain characters below ASCII 32 including newlines, colon : or pipe | characters that might...

SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2026:2428-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:2428-1 advisory. - CVE-2026-44988: Fixed missing validation of rectangle width in tight gradient decoding can lead to server-triggered out-of-bounds write bsc1266459...

RockyLinux 10 : hplip (RLSA-2026:26228)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26228 advisory. HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection CVE-2026-8632 HPLIP: HPLIP: Arbitrary code...

Photon OS 5.0: Util PHSA-2026-5.0-0885

An update of the util package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0885. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-46877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily...

Linux Distros Unpatched Vulnerability : CVE-2026-56131

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : kitty vulnerabilities (USN-8442-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8442-1 advisory. It was discovered that kitty incorrectly handled certain image data. An attacker able to write to the...

Linux Distros Unpatched Vulnerability : CVE-2026-48979

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP Standard Library PSL is set of APIs covering async, collections, networking, I/O, cryptography, terminal UI, etc. In versions 6.1.0, 6.1.1 and 6.2.0, the...

SUSE SLES15 Security Update : shim (SUSE-SU-2026:0741-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0741-2 advisory. shim is updated to version 16.1: - shimstartimage: fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix...

SUSE SLES15 Security Update : rootlesskit (SUSE-SU-2026:2451-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2451-1 advisory. This update for rootlesskit rebuilds it against the current go security release. Tenable has extracted the preceding description block...