Linux Distros Unpatched Vulnerability : CVE-2026-46874

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.8. Easily exploitable...

RockyLinux 8 : xorg-x11-server (RLSA-2026:26709)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26709 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

Ubuntu 26.04 LTS : GStreamer Bad Plugins vulnerabilities (USN-8446-1)

The remote Ubuntu 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8446-1 advisory. It was discovered that GStreamer Bad Plugins incorrectly handled parsing H.266/VVC picture partition data. An attacker could use this issue to cause...

SUSE SLES15 Security Update : distribution (SUSE-SU-2026:2413-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2413-1 advisory. This update for distribution rebuilds it against the current go security release. Tenable has extracted the preceding description block...

Linux Distros Unpatched Vulnerability : CVE-2026-48931

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects al...

FreeBSD : Routinator -- CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (e7be3859-6a58-11f1-bf61-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e7be3859-6a58-11f1-bf61-3c7c3fba4204 advisory. https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49233.txt reports: Routinator does not properly...

Linux Distros Unpatched Vulnerability : CVE-2026-48990

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions 1.3.4 through 1.6.5, joser...

SUSE SLES15 Security Update : buildah (SUSE-SU-2026:2415-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2415-1 advisory. This update for buildah rebuilds it against the current go security release. Tenable has extracted the preceding description block directly...

Linux Distros Unpatched Vulnerability : CVE-2026-46815

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily...

Linux Distros Unpatched Vulnerability : CVE-2026-11525

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the...

Linux Distros Unpatched Vulnerability : CVE-2026-44663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11...

Linux Distros Unpatched Vulnerability : CVE-2026-43915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the...

Linux Distros Unpatched Vulnerability : CVE-2026-40181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open...

Linux Distros Unpatched Vulnerability : CVE-2026-12151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of...

FreeBSD : Routinator -- CWE-755 Improper Handling of Exceptional Conditions (ab152ccb-6a59-11f1-bf61-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ab152ccb-6a59-11f1-bf61-3c7c3fba4204 advisory. https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49235.txt reports: When Routinator encounters a...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Config-IniFiles vulnerability (USN-8445-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8445-1 advisory. It was discovered that Config-IniFiles incorrectly handled the -file argument in certain situations. An attacker could possibly us...

Linux Distros Unpatched Vulnerability : CVE-2026-50195

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-50195 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

Linux Distros Unpatched Vulnerability : CVE-2026-9675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious...

FreeBSD : Routinator -- CWE-20 Improper Input Validation (40edfb37-6a59-11f1-bf61-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 40edfb37-6a59-11f1-bf61-3c7c3fba4204 advisory. https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49234.txt reports: When sending a specifically...

Linux Distros Unpatched Vulnerability : CVE-2026-56132

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there i...