424 matches found
CVE-2026-33636 vulnerabilities
Vulnerabilities for packages: libpng...
CVE-2026-8970 vulnerabilities
Vulnerabilities for packages: firefox...
ROOT-OS-UBUNTU-2404-CVE-2026-53157 CVE-2026-53157 in rootio-linux - Patched by Root
Root has patched CVE-2026-53157 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2204-CVE-2026-45956 CVE-2026-45956 in rootio-linux - Patched by Root
Root has patched CVE-2026-45956 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2026-43309 CVE-2026-43309 in rootio-linux - Patched by Root
Root has patched CVE-2026-43309 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
TinaCMS - Path Traversal
TinaCMS CLI 2.1.8 contains a file system read vulnerability caused by disabled Vite server.fs.strict setting, letting unauthenticated attackers read arbitrary files on the host system, exploit requires access to the dev server. id: CVE-2026-29066 info: name: TinaCMS - Path Traversal author:...
RHSA-2026:25245 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Bulletin has no description...
DEBIAN-CVE-2026-48618
A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...
Oracle Linux 9 : python3.14-urllib3 (ELSA-2026-28157)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-28157 advisory. - Security fix for CVE-2026-44431 and CVE-2026-44432 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Oracle Linux 9 : openssl (ELSA-2026-25239)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25239 advisory. - Fix CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34181, CVE-2026-34183, CVE-2026-42764, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768,...
DEBIAN-CVE-2026-53236
In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks potential side-channel attack where an unprivileged application...
DEBIAN-CVE-2026-53185
In the Linux kernel, the following vulnerability has been resolved: zram: fix use-after-free in zrambvecwritepartial zramreadpage picks the sync or async backing device read path based on whether the parent bio is NULL. zrambvecwritepartial passes its parent bio down, so for ZRAMWB slots the read...
Oracle Linux 9 : hplip (ELSA-2026-26297)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26297 advisory. - OSH fixes after CVE-2026-8631 - CVE-2026-8631 hplip: HPLIP: Arbitrary code execution and privilege escalation via integer overflow in hpcups Tenable...
RHEL 9 : nginx:1.24 (RHSA-2026:28212)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28212 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
RockyLinux 9 : nginx:1.24 (RLSA-2026:28212)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:28212 advisory. nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the RockyLinu...
Oracle Linux 9 : libsndfile (ELSA-2026-19610)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19610 advisory. 1.0.32-9.1 - apply patch for CVE-2026-37555 Resolves: ?RHEL-174543 Tenable has extracted the preceding description block directly from the Oracle Linux securit...
EUVD-2026-38248
Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/id/active API...
RHEL 9 : postgresql (RHSA-2026:27741)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27741 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Operating system accou...
RHCOS 4 : OpenShift Container Platform 4.16.64 (RHSA-2026:25043)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25043 advisory. - net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Note that Nessus has not tested for this issue but has instead...
AlmaLinux 9 : dracut (ALSA-2026:26533)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:26533 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...