Tenable Sensor Proxy < 1.4.0 Multiple Vulnerabilities (TNS-2026-15)

According to its self-reported version, the Tenable Sensor Proxy running on the remote host is prior to 1.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-15 advisory. - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed...

Microsoft Visual Studio Products (April 2026)

The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. CVE-2026-32203 - Improper neutralization of special...

Roblox gives predators &#8220;powerful tools&#8221; to target children, says LA County

Los Angeles County has sued online gaming company Roblox, adding to a series of suits that accuse the virtual worlds platform of misleading parents into thinking it's safe while leaving children exposed to predators and sexually explicit content. The February 19 filing makes LA County the first...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38173)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38173 advisory. - In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa - Handle zero- leng...

Fedora 43 : mariadb10.11 (2026-39e035a84c)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-39e035a84c advisory. MariaDB 10.11.15 Release notes: https://mariadb.com/docs/release-notes/community-server/10.11/10.11.15 Tenable has extracted the preceding description block...

PHP 8.2.x < 8.2.30 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.30. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.30 advisory. - Debian Linux - php7.4 - None php8.2 - None php8.4 - None Ubuntu Linux - Unknown description CVE-2025-14177, CVE-2025-14178,...

Atlassian Jira 11.x < 11.2.0 XML External Entity Injection

According to its self-reported version number, the Atlassian Jira application running on the remote host is 10.3.x prior to 10.3.13 or 11.x prior to 11.2.0. It is, therefore, affected by a XML External Entity Injection XXE vulnerability. Note that the scanner has not tested for these issues but h...

Tenable Nessus 10.8.0 <= 10.8.6 / 10.9.0 < 10.9.6 / 10.10.0 <= 10.10.1 / 10.11.0 < 10.11.1 Multiple Vulnerabilities (TNS-2025-24)

According to its self-reported version, the Tenable Nessus application running on the remote host is 10.8.0 prior or equal to 10.8.6, 10.9.0 prior to 10.9.6, 10.10.0 prior or equal to 10.10.1 and 10.11.0 prior to 10.11.1. It is, therefore, affected by multiple vulnerabilities as referenced in the...

Security Updates for Microsoft Word Products (December 2025)

The Microsoft Word Products are missing a security update. They are, therefore, affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has...

Fedora 43 : gnutls (2025-45b1844342)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-45b1844342 advisory. Update to the 3.8.11 release with a fix for CVE-2025-9820 and several enhancements. Tenable has extracted the preceding description block directly from the...

FreeBSD : chromium -- multiple security fixes (ca5d4e87-c465-11f0-b3f7-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ca5d4e87-c465-11f0-b3f7-a8a1599412c6 advisory. Chrome Releases reports: This update includes 2 security fixes: Tenable has extracted the...

Lucee 5.4.x < 5.4.3.2 Remote Code Execution

According to its self-reported version number, Lodash is prior to 5.3.12.1 or 5.4.x prior to 5.4.3.2. It is, therefore, affected by a Remote Code Execution via an XML XXE attack in the Lucee REST endpoint. Note that the scanner has not tested for these issues but has instead relied only on the...

Telerik UI for ASP.NET AJAX Unsafe Reflection

According to its self-reported version number, the version of Telerik UI for ASP.NET AJAX is affected by an unsafe reflection vulnerability resulting in denial of service and advanced attacks scenarios. Note that the scanner has not tested for these issues but has instead relied only on the...

Google Chrome < 142.0.7444.162 Vulnerability

The version of Google Chrome installed on the remote Windows host is prior to 142.0.7444.162. It is, therefore, affected by a vulnerability as referenced in the 202511stable-channel-update-for-desktop11 advisory. - Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowe...

Fedora 41 : moodle (2025-d50e995e7d)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d50e995e7d advisory. 4.4.11 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these...

Atlassian Jira 9.12.x < 9.12.28 Path Traversal

According to its self-reported version number, the Atlassian Jira application running on the remote host is 9.12.x prior to 9.12.28, 10.3.x prior to 10.3.12 or 11.x prior to 11.1.0. It is, therefore, affected by a path traversal vulnerability. Note that the scanner has not tested for these issues...

Atlassian Jira 10.3.x < 10.3.12 Path Traversal

According to its self-reported version number, the Atlassian Jira application running on the remote host is 9.12.x prior to 9.12.28, 10.3.x prior to 10.3.12 or 11.x prior to 11.1.0. It is, therefore, affected by a path traversal vulnerability. Note that the scanner has not tested for these issues...

Atlassian Confluence 9.2.x < 9.2.7 Denial of Service

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 2.x prior to 8.5.25, 9.2.x prior to 9.2.7 or 10.x prior to 10.0.2. It is, therefore, affected by a denial of service vulnerability. Note that the scanner has not tested for these issu...

Security Updates for Microsoft Visio Products C2R (October 2025)

The Microsoft Visio Products are missing a security update. It is, therefore, affected by a remote code execution vulnerability that attackers can exploit to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for this issue but has instead relied on...

AlmaLinux 9 : .NET 8.0 (ALSA-2025:18149)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:18149 advisory. dotnet: .NET Information Disclosure Vulnerability CVE-2025-55248 dotnet: .NET Security Feature Bypass Vulnerability CVE-2025-55315 dotnet: .NET Denial of...