Linux Distros Unpatched Vulnerability : CVE-2026-48711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - sshfs-fuse - None Ubuntu Linux - Unknown description CVE-2026-48711 Note that Nessus relies on the presence of the package as reported by the...
RockyLinux 9 : nginx (RLSA-2026:19374)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19374 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...
Fedora 43 : djvulibre (2026-bfa185dbb3)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bfa185dbb3 advisory. Update to 3.5.30. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Debian dla-4609 : imagemagick - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4609 advisory. Debian LTS Advisory DLA-4609-1...
RockyLinux 10 : libcap (RLSA-2026:19130)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19130 advisory. libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file CVE-2026-4878 Tenable has extracted the preceding description block directly from t...
Linux Distros Unpatched Vulnerability : CVE-2026-44837
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint...
RockyLinux 9 : cockpit (RLSA-2026:21468)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:21468 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fr...
Fedora 44 : docker-compose (2026-3316f97296)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3316f97296 advisory. - Update to release v5.1.4 - Resolves: rhbz2480186 - Upstream fixes ---- - Update to release v5.1.3 - Resolves rhbz2458697 - Resolves CVE-2026-33747...
Linux Distros Unpatched Vulnerability : CVE-2026-41159
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default...
RockyLinux 9 : thunderbird (RLSA-2026:21381)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21381 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...
Linux Distros Unpatched Vulnerability : CVE-2026-45352
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes...
Linux Distros Unpatched Vulnerability : CVE-2026-9516
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-by...
Linux Distros Unpatched Vulnerability : CVE-2026-4868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain...
Linux Distros Unpatched Vulnerability : CVE-2026-47187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - sshfs-fuse - None Ubuntu Linux - Unknown description CVE-2026-47187 Note that Nessus relies on the presence of the package as reported by the...
Linux Distros Unpatched Vulnerability : CVE-2026-46242
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - eventpoll: fix ep_remove struct eventpoll / struct file UAF ep_remove via ep_remove_file cleared file->f_ep under file->f_lock but then kept using @file inside the...
Linux Distros Unpatched Vulnerability : CVE-2026-9334
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv collapses duplicate...
Linux Distros Unpatched Vulnerability : CVE-2026-44681
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's...
RockyLinux 9 : .NET 10.0 (RLSA-2026:21297)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:21297 advisory. dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVE-2026-42899 Tenable has extracted the preceding description block directly from th...
Linux Distros Unpatched Vulnerability : CVE-2026-44462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining $var@P, allowing arbitrary...
Fedora 43 : haveged (2026-5d9b0e2c17)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5d9b0e2c17 advisory. Update to 1.9.22 fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphore creation ---- Backport fix for CVE-2026-41054: privilege escalation via...
Photon OS 5.0: Bindutils PHSA-2026-5.0-0860
An update of the bindutils package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0860. The text itself is copyright (C) VMware, Inc.
Linux Distros Unpatched Vulnerability : CVE-2026-47761
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject...
Fedora 44 : giflib (2026-0be1222520)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0be1222520 advisory. Apply proposed fix for CVE-2026-26740. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
Linux Distros Unpatched Vulnerability : CVE-2026-44421
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP...
Linux Distros Unpatched Vulnerability : CVE-2026-49214
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in...
Linux Distros Unpatched Vulnerability : CVE-2026-41150
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-servic...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.5.1.6)
The version of AOS installed on the remote host is prior to 7.5.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.5.1.6 advisory. - Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation...
Fedora 44 : perl-libwww-perl (2026-8d1333fb52)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8d1333fb52 advisory. Changes: 6.83 2026-05-12 11:41:48Z - LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects a different scheme,...
FreeBSD : www/gohugo -- CWE-79: XSS vulnerabilities (20d59b47-5ba3-11f1-bf1b-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 20d59b47-5ba3-11f1-bf1b-b42e991fc52e advisory. https://go.dev/issue/78913 reports: CVE-2026-27142 fixed a vulnerability in which URLs were no...
Linux Distros Unpatched Vulnerability : CVE-2026-46527
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_proxies with a...
Fedora 44 : pdns (2026-a6e5b1263b)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a6e5b1263b advisory. - Update to 5.0.5 - Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396 Security Advisory:...
Fedora 44 : xrdp (2026-9a3a98bc24)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9a3a98bc24 advisory. Close TCP socket in default configuration, because we want just Unix domain socket connections to Xvnc. Tenable has extracted the preceding description block...
Linux Distros Unpatched Vulnerability : CVE-2026-44420
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's...
Linux Distros Unpatched Vulnerability : CVE-2026-44604
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified...
RockyLinux 9 : firefox (RLSA-2026:21378)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21378 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...
Linux Distros Unpatched Vulnerability : CVE-2026-44422
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multip...
Linux Distros Unpatched Vulnerability : CVE-2026-45700
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding...
Linux Distros Unpatched Vulnerability : CVE-2026-42500
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image. CVE-2026-42500 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2026-45372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it...
RockyLinux 9 : glib2 (RLSA-2026:19361)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19361 advisory. glib: GLib: Buffer underflow in GVariant parser leads to heap corruption CVE-2025-14087 glib: Integer Overflow in GLib GIO Attribute Escaping Causes Hea...
RockyLinux 10 : xorg-x11-server-Xwayland (RLSA-2026:19125)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19125 advisory. xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling CVE-2026-33999 xorg: xwayland: X.Org X server...
FreeBSD : MariaDB -- Multiple vulnerabilities (2eb8a9ab-5b5d-11f1-8607-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2eb8a9ab-5b5d-11f1-8607-8447094a420f advisory. The MariaDB project reports: Multiple vulnerabilities in MariaDB Cluster Galera Tenable has...
RockyLinux 9 : fence-agents (RLSA-2026:19355)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19355 advisory. cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves CVE-2026-26007 pyjwt: PyJWT accepts unknown crit header...
RockyLinux 9 : httpd (RLSA-2026:21391)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21391 advisory. httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data CVE-2026-34059 httpd: mod_proxy_ajp: heap-based buffer over-read due...
Fedora 43 : docker-compose (2026-951a6725b8)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-951a6725b8 advisory. - Update to release v5.1.4 - Resolves: rhbz2480186 - Upstream fixes ---- - Update to release v5.1.3 - Resolves rhbz2458697 - Resolves CVE-2026-33747...
RockyLinux 9 : glibc (RLSA-2026:20597)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20597 advisory. glibc: glibc: Incorrect DNS response parsing via crafted DNS server response CVE-2026-4437 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr...
Linux Distros Unpatched Vulnerability : CVE-2026-46135
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvmet-tcp: fix race between ICReq handling and queue teardown nvmet_tcp_handle_icreq updates queue->state after sending an Initialization Connection Response ICResp...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39830)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39830 advisory. - A malicious SSH peer could send unsolicited global request responses to fill an internal buffe...
SUSE SLES15 Security Update : yq (SUSE-SU-2026:2096-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2096-1 advisory. This update for yq fixes the following issues - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be...
Linux Distros Unpatched Vulnerability : CVE-2023-38709
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP...