RHEL 9 : fence-agents (RHSA-2026:21431)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21431 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
Photon OS 5.0: Kafka PHSA-2026-5.0-0855
An update of the kafka package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0855. The text itself is copyright (C) VMware, Inc.
IBM HTTP Server 8.5.0.0 < 8.5.5.30 / 9.0.0.0 < 9.0.5.29 Multiple Vulnerabilities (7274065)
The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities: - IBM HTTP Server is vulnerable to denial of service and a potential remote code execution due to improper input validation. CVE-2026-9170 - IBM HTTP Server is vulnerable to remote code execution an...
Linux Distros Unpatched Vulnerability : CVE-2026-24196
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead t...
Fedora 44 : perl-Imager (2026-63ab4e8283)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-63ab4e8283 advisory. Imager 1.031 - GIF: fix a heap buffer overflow with attacker controlled data CVE-2026-8454 Imager 1.030 - addtag: store non-int numbers as strings - addtag:...
Linux Distros Unpatched Vulnerability : CVE-2026-48808
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-48808 Note that Nessus relies on the presence of the package as reported by the vendor.
Linux Distros Unpatched Vulnerability : CVE-2026-48747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-48747 Note that Nessus relies on the presence of the package as reported by the vendor.
GitLab 12.7 < 18.10.7 / 18.11 < 18.11.4 / 19.0 < 19.0.1 (CVE-2026-8716)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Use of Incorrectly-Resolved Name or Reference in GitLab CVE-2026-8716 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
GitLab 18.7 < 18.10.7 / 18.11 < 18.11.4 / 19.0 < 19.0.1 (CVE-2026-5296)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Missing Authorization in GitLab CVE-2026-5296 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Linux Distros Unpatched Vulnerability : CVE-2026-48760
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-48760 Note that Nessus relies on the presence of the package as reported by the vendor.
FreeBSD : Erlang/OTP -- OCSP responder certificate accepted after expiry in public_key (9357d6fb-5a54-11f1-b886-4c526214c986)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9357d6fb-5a54-11f1-b886-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-cjxj-wj6x-3fff reports: Erlang/OTP's public_key...
Mattermost Server 10.11.x < 10.11.15 / 11.4.x < 11.4.5 / 11.5.x < 11.5.4 / 11.6.x < 11.6.1 Path Traversal (MMSA-2026-00640)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00640 advisory. - Mattermost Server fails to check the integration URL for path traversal which allows a malicious authenticated user to call an arbitrary API via a system...
Linux Distros Unpatched Vulnerability : CVE-2026-24198
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause...
Debian dla-4602 : lemonldap-ng - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4602 advisory. - Debian LTS Advisory DLA-4602-1...
Linux Distros Unpatched Vulnerability : CVE-2026-24192
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer...
RockyLinux 9 : libssh (RLSA-2026:18683)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18683 advisory. libssh: Double Free Vulnerability in libssh Key Export Functions CVE-2025-5351 libssh: Use of uninitialized variable in privatekey_from_file CVE-2025-4878...
RHEL 10 : cockpit (RHSA-2026:21676)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21676 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...
Atlassian Jira Service Management Data Center and Server 10.0.1 < 10.3.20 / 10.4.0 < 11.3.5 (JSDSERVER-16587)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16587 advisory. - This Improper Encoding, or Escaping of Output vulnerability, allows an unauthenticated attacker to...
RockyLinux 9 : grafana (RLSA-2026:19352)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19352 advisory. grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 golang: internal/syscall/unix: Root.Chmod can...
Linux Distros Unpatched Vulnerability : CVE-2026-24199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memor...
RockyLinux 9 : compat-openssl11 (RLSA-2026:19187)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19187 advisory. openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS12 processing CVE-2025-69419 Tenable has extracted the preceding description block...
Mattermost Desktop < 5.13.5 / < 6.0.2 / < 6.1.1 Multiple Vulnerabilities (MMSA-2026-00618 / MMSA-2026-00633)
The version of Mattermost Desktop installed on the remote host is affected by multiple vulnerabilities as referenced in the MMSA-2026-00618 and MMSA-2026-00633 advisories. - Mattermost Desktop App fails to prevent an invalid URL from loading in a pop-up window which allows a malicious server own...
Oracle Linux 8 : .NET / 8.0 (ELSA-2026-21291)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-21291 advisory. 8.0.127-1.0.1 - Add support for Oracle Linux 8.0.127-1 - Update to .NET SDK 8.0.127 and Runtime 8.0.27 - Resolves: RHEL-173920 Tenable has extracted t...
Fedora 44 : kernel (2026-bc20b091a8)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bc20b091a8 advisory. The 7.0.10-101/201 stable kernel updates contain a number of important fixes across the tree. Tenable has extracted the preceding description block directly...
Langflow < 1.7.0 CORS Misconfiguration Account Takeover and RCE (CVE-2025-34291)
The version of Langflow installed on the remote host is prior to 1.7.0. It is, therefore, affected by a remote code execution vulnerability: - An overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origi...
Linux Distros Unpatched Vulnerability : CVE-2026-46636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-twig - None Ubuntu Linux - Unknown description CVE-2026-46636 Note that Nessus relies on the presence of the package as reported by the vendo...
Linux Distros Unpatched Vulnerability : CVE-2026-45953
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix IO hang with degraded array with llbitmap When llbitmap bit state is still...
Fedora 45 : dolphin-emu (2026-4a6b728056)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4a6b728056 advisory. Automatic update for dolphin-emu-2503a-16.fc45. Changelog Wed May 27 2026 Jeremy Newton - 2503a-16 - Fix RHBZ2454084 Tenable has extracted the preceding...
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50275)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50275 advisory. - xfrm: esp: ipv4: fix up flags setting Greg Kroah-Hartman Orabug: 39368252 CVE-2026-43284 - xfrm: esp: avoid in-place decrypt on shared skb frags...
FreeBSD : Erlang/OTP -- TLS hostname verification bypass via Subject CommonName fallback and name constraints (93576148-5a54-11f1-b886-4c526214c986)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 93576148-5a54-11f1-b886-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447 reports: Erlang/OTP's TLS hostnam...
Linux Distros Unpatched Vulnerability : CVE-2026-45971
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller tha...
Linux Distros Unpatched Vulnerability : CVE-2026-46045
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - md/md-llbitmap: skip reading rdevs that are not insync When reading bitmap pages from member disks, the code iterates through all rdevs and attempts to read fro...
Fedora 44 : rrdtool (2026-87a8048005)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-87a8048005 advisory. This is an update backporting some safety checks from the rrdtool-1.10.0. Tenable has extracted the preceding description block directly from the Fedora...
Linux Distros Unpatched Vulnerability : CVE-2026-45022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that...
Linux Distros Unpatched Vulnerability : CVE-2026-24194
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful...
Linux Distros Unpatched Vulnerability : CVE-2026-45982
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch Cover a missed execution path with a new check. CVE-2026-45982 Note that Nessus relies on the...
Oracle Linux 8 : cockpit (ELSA-2026-21700)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-21700 advisory. - pkg/systemd: robustify argument quoting CVE-2026-4802 RHEL-161386 Tenable has extracted the preceding description block directly from the Oracle Linux securi...
Linux Distros Unpatched Vulnerability : CVE-2026-45973
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx5: Fix UMR hang in LAG error state unload During firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for U...
RockyLinux 9 : openssl (RLSA-2026:19218)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19218 advisory. openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key CVE-2026-31790 Tenable has extracted the preceding description bloc...
RHEL 9 : cockpit (RHSA-2026:21395)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21395 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...
Atlassian Jira Service Management Data Center and Server 10.0.0 < 10.3.7 / 10.4.0 < 11.3.5 (JSDSERVER-16588)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16588 advisory. - This Security Headers Omission vulnerability allows an unauthenticated attacker to receive responses...
Linux Distros Unpatched Vulnerability : CVE-2026-45959
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned with the kmalloc-family functions,...
Linux Distros Unpatched Vulnerability : CVE-2026-47770
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary...
Apache CXF < 3.6.11 / 4.0.x < 4.1.6 / 4.2.x < 4.2.1 Multiple Vulnerabilities
The version of Apache CXF installed on the remote host is affected by multiple vulnerabilities: - The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted use...
Fedora 43 : python-uv-build / rust-astral-tokio-tar / etc (2026-f8487121bd)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-f8487121bd advisory. Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and GHSA-4gg8-gxpx-9rph. Tenable has extracted the preceding description block directly...
RHEL 8 : openssh (RHSA-2026:21398)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21398 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...
RHEL 8 : cockpit (RHSA-2026:21516)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21516 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...
Linux Distros Unpatched Vulnerability : CVE-2026-24193
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this...
RHEL 9 : firefox (RHSA-2026:21378)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21378 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
Linux Distros Unpatched Vulnerability : CVE-2026-46039
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgk_extract_token when checking the length of the ticket. Rather than...