6662 matches found
AlmaLinux 9 : libpng (ALSA-2026:18028)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:18028 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 Tenable has extracted the preceding description block directly from th...
MiracleLinux 8 : rsync-3.1.3-25.el8_10 (AXSA:2026-627:03)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-627:03 advisory. rsync: Rsync: Use-after-free vulnerability in extended attribute handling CVE-2026-41035 Tenable has extracted the preceding description block directly from t...
Fedora 44 : pypy (2026-130f7539d3)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-130f7539d3 advisory. Security fix for CVE-2026-3219 in the bundled pip wheel Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
Amazon Linux 2023 : socat (ALAS2023-2026-1701)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1701 advisory. readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. CVE-2024-54661 Tenable has extracted the preceding description block directly from the tested product security advisory. Note...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy...
Important: kernel6.18
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy...
GHSA-RJG2-95X7-8QMX Strapi may leak sensitive data via relational filtering due to lack of query sanitization
Summary of CVE-2026-27886 Vulnerability Details - CVE: CVE-2026-27886 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N 9.3 — Critical - Affected Versions: @strapi/strapi =5.37.0 Description of CVE-2026-27886 Strapi versions prior to 5.37.0 did not sufficiently...
Medium: python-tornado
Issue Overview: In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to RequestHandler.set_cookie were not checked for crafted characters. CVE-2026-35536 Affected Packages: python-tornado Note: This advisory is applicable to Amazon Linux...
Amazon Linux 2 : dnsmasq, --advisory ALAS2DNSMASQ-2026-003 (ALASDNSMASQ-2026-003)
The version of dnsmasq installed on the remote host is prior to 2.90-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DNSMASQ-2026-003 advisory. dnsmasq's extract_name function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache...
Fedora 42 : krb5 (2026-6c99aaa6d3)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6c99aaa6d3 advisory. - Fix NegoEx parsing vulnerabilities CVE-2026-40355, CVE-2026-40356 Tenable has extracted the preceding description block directly from the Fedora...
Fedora 44 : firefox (2026-67917a57a3)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-67917a57a3 advisory. - Updated to latest upstream 150.0.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Linux Distros Unpatched Vulnerability : CVE-2026-7210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash...
Strapi: Password Reset Does Not Revoke Existing Refresh Sessions
Summary of CVE-2026-22706 Vulnerability Details - CVE: CVE-2026-22706 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N 2.1 — Low - Affected Versions: @strapi/admin and @strapi/plugin-users-permissions =5.33.3 Description of CVE-2026-22706 In Strapi versions prio...
AlmaLinux 9 : openexr (ALSA-2026:15887)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:15887 advisory. OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVE-2026-34588 Tenable has extracted the preceding description block...
PT-2026-40025
Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.4.4-1.1 Description An attacker positioned between Dovecot and the client connection can use a specially crafted base64 exchange to fake SCRAM TLS channel binding. This allows the attacker to act as a MITM...
Oracle Linux 10 : openexr (ELSA-2026-15888)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-15888 advisory. 3.1.10-8.2 - fix CVE-2026-34588 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has n...
PT-2026-39722
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The xml.parsers.expat and xml.etree.ElementTree modules use insufficient entropy for Expat hash-flooding protection. This allows a specially crafted XML document to trigger hash flooding, a...
Oracle Linux 8 : glib2 (ELSA-2026-15953)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-15953 advisory. 2.68.4-169 - Add patch for CVE-2025-14087 and CVE-2025-14512 Tenable has extracted the preceding description block directly from the Oracle Linux...
Oracle Linux 9 : glib2 (ELSA-2026-15971)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-15971 advisory. 2.68.4-18.2 - Add patch for CVE-2025-14087 and CVE-2025-14512 Tenable has extracted the preceding description block directly from the Oracle Linux...
Unity Linux 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-017432)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017432 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway...