RHEL 9 : vim (RHSA-2026:28133)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28133 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox...
RHEL 7 : samba (RHSA-2026:28132)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28132 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...
Oracle Linux 9 : python3.9 (ELSA-2026-19216)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19216 advisory. - Security fixes for CVE-2026-4786 and CVE-2026-6100 Resolves: RHEL-167919, RHEL-168161 - Security fix for CVE-2026-4519 Resolves: RHEL-158117 Tenable...
RHEL 9 : samba (RHSA-2026:28053)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28053 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...
RHEL 9 : python-urllib3 (RHSA-2026:28158)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:28158 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Oracle Linux 9 : compat-openssl11 (ELSA-2026-19187)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-19187 advisory. 1:1.1.1k-5.2 - Fixes CVE-2025-69419 OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS12 processing Resolves: RHEL-142723 Tenable has extract...
RHEL 8 : samba (RHSA-2026:28057)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28057 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...
RHEL 8 : webkit2gtk3 (RHSA-2026:28114)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28114 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...
Oracle Linux 9 : python3.11 (ELSA-2026-19175)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19175 advisory. - Security fixes for CVE-2026-4786, CVE-2026-6100 Resolves: RHEL-168158, RHEL-167916 - Security fix for CVE-2026-4519 Resolves: RHEL-158053 Tenable ha...
RHEL 9 : webkit2gtk3 (RHSA-2026:28148)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28148 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...
RHEL 9 : samba (RHSA-2026:28054)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28054 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...
Linux Distros Unpatched Vulnerability : CVE-2026-54911
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a...
Linux Distros Unpatched Vulnerability : CVE-2026-55599
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 certificate with...
Linux Distros Unpatched Vulnerability : CVE-2026-54267
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...
Linux Distros Unpatched Vulnerability : CVE-2026-54266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...
JetBrains YouTrack < 2024.2.148429 / < 2024.3.148430 / < 2025.1.148120 / < 2025.2.148048 / < 2025.3.148033 / < 2026.1.13757 Authentication Bypass (CVE-2026-50242)
The version of JetBrains YouTrack installed on the remote host is prior to 2024.2.148429, 2024.3.x prior to 2024.3.148430, 2025.1.x prior to 2025.1.148120, 2025.2.x prior to 2025.2.148048, 2025.3.x prior to 2025.3.148033, or 2026.1.x prior to 2026.1.13757. It is, therefore, affected by an...
Linux Distros Unpatched Vulnerability : CVE-2026-55654
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming...
Automated Logic WebCTRL Premium Server Improper Neutralization of Input During Web Page Generation (CVE-2024-8528)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. User input is not properly sanitized, allowing injection of malicious scripts into web pages viewed by...
Oracle Linux 9 : golang (ELSA-2026-19181)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19181 advisory. 1.26.2-1.0.1 - EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var 1.26.2-1 - Update to Go 1.26.2 fips-2 - Resolves: RHEL-169929 1.26.1-1 - Update to...
Automated Logic WebCTRL Premium Server URL Redirection to Untrusted Site (CVE-2024-8527)
CWE-601 URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The application accepts a user-supplied URL and redirects without proper validation, allowing attackers to exploit user sessions through ...
Oracle Linux 9 : grafana (ELSA-2026-19185)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19185 advisory. 10.2.6-21 - Resolves RHEL-158767: CVE-2026-25679 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
Carrier Corporation i-VU Cross-site Scripting (CVE-2024-5540)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...
Oracle WebLogic Server Multiple Vulnerabilities (June 2026 CSPU)
The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions th...
Oracle WebLogic Server Remote Takeover (June 2026 CSPU)
The 12.2.1.4.0 and 14.1.2.0.0 versions of WebLogic Server installed on the remote host are affected by a vulnerability as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are...
Carrier Corporation i-VU Incorrect Authorization (CVE-2024-5539)
CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...
Vertiv Liebert SiteScan Incorrect Authorization (CVE-2024-5539)
CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...
Oracle Linux 9 : grafana-pcp (ELSA-2026-19184)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-19184 advisory. 5.1.1-14 - Resolves RHEL-158769: CVE-2026-25679 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note th...
Vertiv Liebert SiteScan Cross-site Scripting (CVE-2024-5540)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...
Ubuntu 20.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-8462-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8462-1 advisory. It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...
Linux Distros Unpatched Vulnerability : CVE-2026-50168
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...
Ubuntu 26.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8461-1)
The remote Ubuntu 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8461-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. ...
Linux Distros Unpatched Vulnerability : CVE-2026-55653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occur...
RHEL 9 : skopeo (RHSA-2026:28074)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28074 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and...
RHEL 9 : gvisor-tap-vsock (RHSA-2026:28038)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28038 advisory. A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vso...
Ubuntu 25.10 / 26.04 LTS : libxml2 vulnerabilities (USN-8460-1)
The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8460-1 advisory. It was discovered that libxml2 did not properly release memory allocated in the xmllint utility. An attacker could possibly use this issue to cau...
Linux Distros Unpatched Vulnerability : CVE-2026-54264
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...
Automated Logic WebCTRL Incorrect Authorization (CVE-2024-5539)
CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...
Linux Distros Unpatched Vulnerability : CVE-2026-50184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...
Schneider Electric Modicon M241, M251, and M262 Improper Resource Shutdown or Release (CVE-2025-13901)
CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels. This plugin only works with Tenable.ot. Please visit...
Linux Distros Unpatched Vulnerability : CVE-2026-49461
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory...
Automated Logic WebCTRL Cross-site Scripting (CVE-2024-5540)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...
Vertiv Liebert SiteScan Improper Validation of Array Index (CVE-2025-0657)
CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...
Oracle Linux 9 : firefox (ELSA-2026-19201)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19201 advisory. 140.10.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding R...
Oracle Linux 9 : libssh (ELSA-2026-18683)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-18683 advisory. - Resolves: CVE-2025-4877 - Resolves: CVE-2025-4878 - Resolves: CVE-2025-5351 - Resolves: CVE-2025-8114 - Resolves: CVE-2025-8277 - Resolves:...
Oracle WebLogic Server Multiple Vulnerabilities (June 2026 CSPU) (14.1.2.0.0 / 15.1.1.0.0)
The 14.1.2.0.0 and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions th...
Oracle Linux 9 : openssh (ELSA-2026-19219)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19219 advisory. - CVE-2026-3497: Fix information disclosure or denial of service due to uninitialized variables in gssapi-keyex Resolves: RHEL-155825 - CVE-2025-61984...
Oracle Linux 9 : bind (ELSA-2026-18786)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18786 advisory. - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 Tenable has...
Linux Distros Unpatched Vulnerability : CVE-2026-12479
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loadin...
RHEL 10 : samba (RHSA-2026:28055)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28055 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...