Oracle Linux 8 : nginx:1.24 (ELSA-2026-28921)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-28921 advisory. - Resolves: RHEL-178676 - nginx:1.24/nginx: code execution and denial of service CVE-2026-9256 - Resolves: RHEL-176224 - nginx:1.24/nginx: NGINX: Arbitrary Cod...

AlmaLinux 9 : firefox (ALSA-2026:27734)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27734 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...

RHEL 9 : libpng15 (RHSA-2026:28244)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:28244 advisory. The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG Portable Network Graphics image format files...

RHEL 9 : libpng (RHSA-2026:28255)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28255 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security...

RHEL 9 : libpng15 (RHSA-2026:28458)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:28458 advisory. The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG Portable Network Graphics image format files...

RockyLinux 9 : libpng (RLSA-2026:28255)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:28255 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service...

RHEL 9 : python3.14 (RHSA-2026:28247)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28247 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Oracle Linux 9 : python3.9 (ELSA-2026-18693)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18693 advisory. - Security fixes for CVE-2026-4786 and CVE-2026-6100 Resolves: RHEL-167919, RHEL-168161 - Security fix for CVE-2026-4519 Resolves: RHEL-158117 Tenable has...

RHEL 10 : python3.14 (RHSA-2026:28581)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28581 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

RHEL 8 : nginx:1.24 (RHSA-2026:28921)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28921 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

Linux Distros Unpatched Vulnerability : CVE-2026-41423

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21,...

Linux Distros Unpatched Vulnerability : CVE-2025-61024

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the sqlotryinloop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

Linux Distros Unpatched Vulnerability : CVE-2026-11856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Tenable Identity Exposure < 3.93.5 Multiple Vulnerabilities (TNS-2026-16)

The version of Tenable Identity Exposure running on the remote host is prior to 3.93.5. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2026-16: - Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/ that expose sensitive...

Google Chrome < 149.0.7827.196 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 149.0.7827.196. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop0482630350 advisory. - Use after free in Autofill. CVE-2026-13038 - Use after free in WebG...

RHCOS 4 : OpenShift Container Platform 4.19.35 (RHSA-2026:26999)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:26999 advisory. - google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation...

AlmaLinux 8 : firefox (ALSA-2026:27717)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:27717 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...

RHEL 8 : postgresql:12 (RHSA-2026:28999)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28999 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery vi...

AlmaLinux 10 : firefox (ALSA-2026:27733)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:27733 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...

Containerd 1.7.x < 1.7.33 / 2.0.x < 2.0.10 / 2.1.x < 2.1.9 / 2.2.x < 2.2.5 / 2.3.x < 2.3.2 Multiple Vulnerabilities

The version of Containerd on the remote host is 1.7.x prior to 1.7.33, 2.0.x prior to 2.0.10, 2.1.x prior to 2.1.9, 2.2.x prior to 2.2.5, or 2.3.x prior to 2.3.2. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in containerd allows a maliciously crafted image to cause a...

RockyLinux 10 : xorg-x11-server-Xwayland (RLSA-2026:26566)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26566 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

Debian dla-4644 : libmatio-dev - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4644 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4644-1 [email protected]...

AlmaLinux 10 : python3.14 (ALSA-2026:28581)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28581 advisory. python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open API CVE-2026-4786 python: Python: Cross-Site Scripting XSS...

Google Chrome < 149.0.7827.196 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 149.0.7827.196. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop0482630350 advisory. - Use after free in Autofill. CVE-2026-13038 - Use after free in...

Oracle Linux 9 : redis:7 (ELSA-2026-25219)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25219 advisory. 7.2.14-1.0.1 - Build with 64k pages to support redis on UEK on aarch64 7.2.14-1 - rebase to 7.2.14 for CVE-2026-23479 CVE-2026-25243 CVE-2026-23631...

RockyLinux 8 : postgresql:12 (RLSA-2026:28999)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:28999 advisory. postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an...

RockyLinux 9 : firefox (RLSA-2026:27734)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27734 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...

RockyLinux 10 : firefox (RLSA-2026:27733)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27733 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...

Linux Distros Unpatched Vulnerability : CVE-2026-53655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next head...

Oracle Linux 9 : luksmeta (ELSA-2026-18824)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18824 advisory. 10-1 - New upstream release v10 Resolves: RHEL-122139 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

Automated Logic WebCTRL Premium Server URL Redirection to Untrusted Site (CVE-2024-8527)

CWE-601 URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The application accepts a user-supplied URL and redirects without proper validation, allowing attackers to exploit user sessions through ...

Oracle Linux 9 : python-tornado (ELSA-2026-19189)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-19189 advisory. 6.5.5-1 - Update to 6.5.5 Resolves: RHEL-160942 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

Oracle Linux 9 : python-jwcrypto (ELSA-2026-19197)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-19197 advisory. 1.5.6-3 - Limit max plaintext size for JWE decompression Resolves: RHEL-166029 Tenable has extracted the preceding description block directly from the Oracle...

Oracle Solaris Critical Patch Update : jun2026_SRU11_4_93_221_2

The version of Solaris installed on the remote host is prior to 11.4.93.221.2. It is, therefore, affected by multiple vulnerabilities as referenced in the solaris11jun2026SRU114932212 advisory. - Vulnerability in the Oracle Solaris product of Oracle Systems component: Remote Administration Daemon...

Linux Distros Unpatched Vulnerability : CVE-2026-52725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

Linux Distros Unpatched Vulnerability : CVE-2026-50170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

Oracle Linux 9 : unbound (ELSA-2026-18931)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-18931 advisory. 1.24.2-2 - Switch TLS configuration to follow TLS sockets by crypto-policy again RHEL-147860 - Change the default of tls-use-system-policy-versions at...

Linux Distros Unpatched Vulnerability : CVE-2026-53550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing b...

Linux Distros Unpatched Vulnerability : CVE-2026-46417

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12,...

Linux Distros Unpatched Vulnerability : CVE-2026-50556

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

Linux Distros Unpatched Vulnerability : CVE-2026-54531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loo...

Linux Distros Unpatched Vulnerability : CVE-2026-42127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocatio...

RHEL 9 : Red Hat OpenStack Platform 17.1 (openstack-keystone) (RHSA-2026:28044)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28044 advisory. Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. Security Fixes: OpenStack Keystone:...

Oracle Linux 9 : buildah (ELSA-2026-19186)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19186 advisory. - fixes CVE-2026-34986 - Rebuild for new golang to address CVE-2025-61726 Tenable has extracted the preceding description block directly from the Oracle Linux...

Oracle Linux 9 : systemd (ELSA-2026-19213)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19213 advisory. - coredump: use %d in kernel core pattern - CVE-2025-4598 Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...

Oracle Linux 9 : crun (ELSA-2026-19178)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-19178 advisory. - fixes CVE-2026-30892 crun: crun: Privilege escalation due to incorrect parsing of the --user option rhel-9.8 Tenable has extracted the preceding description...

Debian dsa-6362 : gir1.2-gst-plugins-bad-1.0 - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6362 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6362-1 [email protected] https://www.debian.org/securit...

Oracle Linux 9 : openssh (ELSA-2026-19219)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19219 advisory. - CVE-2026-3497: Fix information disclosure or denial of service due to uninitialized variables in gssapi-keyex Resolves: RHEL-155825 - CVE-2025-61984...

Linux Distros Unpatched Vulnerability : CVE-2026-53537

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parseoptionsheader parsed Content-Disposition and Content-Type headers with...

Linux Distros Unpatched Vulnerability : CVE-2026-53540

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parseform did not validate the Content-Length header before using it to bound its...