Fedora 43 : rrdtool (2026-111ad9560f)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-111ad9560f advisory. This is an update backporting some safety checks from the rrdtool-1.10.0. Tenable has extracted the preceding description block directly from the Fedora...

Amazon Linux 2 : libreoffice, --advisory ALAS2LIBREOFFICE-2026-008 (ALASLIBREOFFICE-2026-008)

The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by a vulnerability as referenced in the ALAS2LIBREOFFICE-2026-008 advisory. NOTE: https://www.libreoffice.org/security/cve-2026-4430NOTE:...

ROOT-OS-UBUNTU-2204-CVE-2026-31454 CVE-2026-31454 in rootio-linux - Patched by Root

Root has patched CVE-2026-31454 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

Fedora 44 : pie (2026-3d8d946f69)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3d8d946f69 advisory. Version 1.4.4 Dependencies - Update Composer to 2.9.8 ---- Version 1.4.3 - add output check for dnf permission denied thanks to @asgrim and @hackel - don't...

GHSA-58QX-3VCG-4XPX vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, kubeflow-pipelines, argo-workflows, langfuse, vitess, code-server...

EUVD-2026-31429

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs...

Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016609)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016609 advisory. Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest...

Unity Linux 20.1070e Security Update: resteasy (UTSA-2026-016757)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016757 advisory. A cross-site scripting XSS flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the...

Unity Linux 20.1060e / 20.1070e Security Update: ganglia (UTSA-2026-016666)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016666 advisory. ganglia-web aka Ganglia Web Frontend through 3.7.5 allows XSS via the header.php ce parameter. Tenable has extracted the preceding description block directly from th...

Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016731)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016731 advisory. In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from...

F5 Networks BIG-IP : BIG-IP HTTP/2 vulnerability (K000159034)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000159034 advisory. When an HTTP/2 profile and an iRule containing theHTTP::redirectorHTTP::respondcommand are configured ...

F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000160863)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160863 advisory. A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticat...

CVE-2026-45207

creationtimestamp| type| source ---|---|--- 2026-05-20 22:00:00+00:00| seen| https://jvn.jp/en/vu/JVNVU90583059 2026-05-21 15:58:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmery5elda2e 2026-05-21 17:00:54+00:00| seen|...

GHSA-8747-7F43-99GQ vulnerabilities

Vulnerabilities for packages: chromium...

RHEL 9 : git-lfs (RHSA-2026:19350)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19350 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...

@forwardemail/wildduck (>=4.0.1 <=4.0.3), @johnqh/haraka (>=8.0.1 <=8.0.17) +32 more potentially affected by unknown CVE via @opensearch-project/opensearch (>=3.2.0 <=3.5.1)

@opensearch-project/opensearch NPM version =3.2.0, =4.0.1, =8.0.1, =8.0.2, =5.8.38, =1.0.0, =1.0.0, =1.0.0-alpha.1, =1.1.3, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.3.0-beta.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-27F5-XJRR-Q9FF...

@antv/g-canvas (>=2.0.0 <=2.0.52), @antv/g-canvaskit (>=1.0.0 <=1.0.51) +6 more potentially affected by unknown CVE via @antv/g-plugin-canvas-picker (>=2.0.0 <=2.3.1)

@antv/g-plugin-canvas-picker NPM version =2.0.0, =2.0.0, =1.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.58 - @antv/g6 =5.0.46 - @antv/s2 =2.4.12-alpha.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3936...

@antv/g-mobile-canvas (>=1.0.0 <=1.1.1), @antv/g-mobile-svg (>=1.0.0 <=1.1.1) +1 more potentially affected by unknown CVE via @antv/g-plugin-gesture (>=2.0.0 <=2.1.1)

@antv/g-plugin-gesture NPM version =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3944...

@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +254 more potentially affected by unknown CVE via @antv/l7-maps (>=2.10.0 <=2.25.4)

@antv/l7-maps NPM version =2.10.0, =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.0.17-beta.1, =0.0.1-beta.2, =1.2.0-beta.0, =0.0.2, =0.0.2, =1.0.1, =0.0.2, =0.0.1, =0.0.4 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4045...

@antv/smart-board (>=2.0.0 <=2.1.0-alpha.0) potentially affected by unknown CVE via @antv/lite-insight (=2.1.1)

@antv/lite-insight NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/lite-insight and may be impacted: - @antv/smart-board =2.0.0, =2.1.0-alpha.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4066...