MiracleLinux 8 : gnutls-3.6.16-8.el8_10.6.ML.1 (AXSA:2026-729:16)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-729:16 advisory. gnutls: Add more checks to DTLS reassembly CVE-2026-33846 gnutls: Fix qsort comparator in DTLS reassembly CVE-2026-42009 gnutls: Fix crashing on an...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2026:2103-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2103-1 advisory. This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957....

Linux Distros Unpatched Vulnerability : CVE-2026-9916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform ...

Debian dsa-6301 : roundcube - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6301 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6301-1 [email protected]...

Debian dla-4604 : roundcube - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4604 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4604-1 [email protected]...

RockyLinux 9 : buildah (RLSA-2026:19186)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19186 advisory. github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption JWE object CVE-2026-34986 Tenable has...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50275)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50275 advisory. - xfrm: esp: ipv4: fix up flags setting Greg Kroah-Hartman Orabug: 39368252 CVE-2026-43284 - xfrm: esp: avoid in-place decrypt on shared skb frags...

Debian dsa-6305 : ata-modules-6.12.90+deb13-armmp-di - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6305 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6305-1 [email protected] https://www.debian.org/security/...

RockyLinux 9 : libvirt (RLSA-2026:18748)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18748 advisory. libvirt: Denial of service in XML parsing CVE-2025-12748 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. No...

Atlassian Jira Service Management Data Center and Server 10.0.1 < 10.3.20 / 10.4.0 < 11.3.5 (JSDSERVER-16587)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16587 advisory. - This Improper Encoding, or Escaping of Output vulnerability, allows an unauthenticated attacker to...

RockyLinux 9 : pcs (RLSA-2026:19167)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19167 advisory. lodash: lodash: Arbitrary code execution via untrusted input in template imports CVE-2026-4800 Tenable has extracted the preceding description block directly fro...

RHEL 10 : cockpit (RHSA-2026:21676)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21676 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

Linux Distros Unpatched Vulnerability : CVE-2026-46010

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxrpc: Fix error handling in rxgkextracttoken Fix a missing bit of error handling in rxgkextracttoken: in the event that rxgkdecryptskb returns -ENOMEM, it shou...

AlmaLinux 9 : cockpit (ALSA-2026:21468)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21468 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fro...

Oracle Linux 8 : libexif (ELSA-2026-20929)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20929 advisory. - Fix integer underflow in MakerNote decoding CVE-2026-40386 Tenable has extracted the preceding description block directly from the Oracle Linux...

Atlassian Jira Service Management Data Center and Server 10.0.0 < 10.3.20 / 10.4.0 < 11.3.5 (JSDSERVER-16577)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16577 advisory. - This DOM-based XSS vulnerability allows an unauthenticated attacker to execute arbitrary HTML or...

Linux Distros Unpatched Vulnerability : CVE-2026-44896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the renderfigure function concatenates...

RockyLinux 9 : git-lfs (RLSA-2026:19350)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19350 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root...

Linux Distros Unpatched Vulnerability : CVE-2026-24193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out- of-bounds write. A successful exploit of this...

RHEL 8 : cockpit (RHSA-2026:21515)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21515 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

Linux Distros Unpatched Vulnerability : CVE-2026-45972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: fix potential UAF and double free in smb2openfile Zero out @erriov and @errbuftype before retrying SMB2open to prevent an UAF bug if @data != NULL,...

RockyLinux 9 : p11-kit (RLSA-2026:18599)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18599 advisory. p11-kit: p11-kit: NULL dereference via CDeriveKey with specific NULL parameters CVE-2026-2100 Tenable has extracted the preceding description block directly from...

Linux Distros Unpatched Vulnerability : CVE-2026-41401

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libyang before 5.2.6 contains a heap use-after-free write vulnerability in lydparsersetdataflags that incorrectly updates metadata list pointers when freeing...

GitLab 18.2 < 18.10.7 / 18.11 < 18.11.4 / 19.0 < 19.0.1 (CVE-2026-6713)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Incorrect Authorization in GitLab CVE-2026-6713 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C...

Linux Distros Unpatched Vulnerability : CVE-2026-45975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ublk: use READONCE to read struct ublksrvctrlcmd struct ublksrvctrlcmd is part of the...

Linux Distros Unpatched Vulnerability : CVE-2026-24195

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability...

RHEL 9 : fence-agents (RHSA-2026:21517)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21517 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

Linux Distros Unpatched Vulnerability : CVE-2026-24190

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A...

RockyLinux 9 : python3.9 (RLSA-2026:19216)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19216 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 python: Python: Arbitrary code execution or information...

Debian dsa-6302 : python3-starlette - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6302 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6302-1 [email protected]...

RHEL 8 : cockpit (RHSA-2026:21516)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21516 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

Debian dsa-6307 : kitty - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6307 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6307-1 [email protected] https://www.debian.org/securit...

Linux Distros Unpatched Vulnerability : CVE-2026-40034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the...

Linux Distros Unpatched Vulnerability : CVE-2026-44897

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id...

MiracleLinux 8 : libsndfile-1.0.28-17.el8_10 (AXSA:2026-727:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-727:03 advisory. libsndfile: integer overflow in imareaderinit CVE-2026-37555 Tenable has extracted the preceding description block directly from the MiracleLinux security...

Fedora 44 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-da68d7bf53)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-da68d7bf53 advisory. nginx-mod-headers-more: - Rebuild for 1.30.2 nginx-mod-vts: - Rebuild for 1.30.2 nginx-mod-fancyindex: - Rebuild for 1.30.2 nginx-mod-brotli: - Rebuild for...

Linux Distros Unpatched Vulnerability : CVE-2026-44899

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a reg...

Linux Distros Unpatched Vulnerability : CVE-2026-45962

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ublk: Validate SQE128 flag before accessing the cmd ublkctrlcmddump accesses header sqe-cmd before IOURINGFSQE128 flag check. This could cause out of boundary...

Fedora 44 : xen (2026-8b2957222f)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8b2957222f advisory. x86: CPU Opcode Cache corruption XSA-490,CVE-2025-54518 Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...

RHEL 9 : httpd (RHSA-2026:21391)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21391 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp:...

Debian dsa-6304 : libunbound-dev - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6304 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6304-1 [email protected] https://www.debian.org/securit...

RockyLinux 9 : mariadb:11.8 (RLSA-2026:19182)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19182 advisory. MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSONSCHEMAVALID function vulnerability CVE-2026-32710 Tenable has extracted the preceding...

Linux Distros Unpatched Vulnerability : CVE-2026-44898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuple...

Oracle Linux 8 : .NET / 10.0 (ELSA-2026-21295)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-21295 advisory. 10.0.108-1.0.1 - Add support for Oracle Linux 10.0.108-1 - Update to .NET SDK 10.0.108 and Runtime 10.0.8 - Resolves: RHEL-173906 Tenable has extracted the...

RockyLinux 9 : sudo (RLSA-2026:19220)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19220 advisory. sudo: Sudo: Privilege escalation due to failure in privilege drop calls CVE-2026-35535 Tenable has extracted the preceding description block directly from the...

Debian dla-4605 : python-flask-httpauth-doc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4605 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4605-1 [email protected] https://www.debian.org/lts/security/...

Linux Distros Unpatched Vulnerability : CVE-2026-46039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgkextracttoken when checking the length of the ticket. Rather than...

Linux Distros Unpatched Vulnerability : CVE-2026-44988

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scrat...

Linux Distros Unpatched Vulnerability : CVE-2026-48761

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-48761 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

RockyLinux 9 : luksmeta (RLSA-2026:18824)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18824 advisory. luksmeta: Data corruption when handling LUKS1 partitions with luksmeta CVE-2025-11568 Tenable has extracted the preceding description block directly from the...