337359 matches found

Tenable Nessus • added 3 days ago • 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-53539

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringParser located t...

CVSS 7.5 • AI score 6.1 • EPSS 0.00263
Exploits 0 • References 3

Tenable Nessus • added 3 days ago • 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-49356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a sourceMappingUR...

CVSS 3.2 • AI score 6.1 • EPSS 0.00115
Exploits 0 • References 2

Tenable Nessus • added 3 days ago • 4 views

Photon OS 5.0: Linux PHSA-2026-5.0-0890

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0890. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVSS 7.8 • AI score 5.7 • EPSS 0.00216
Exploits 0 • References 3

Tenable Nessus • added 3 days ago • 2 views

Oracle WebLogic Server Multiple Vulnerabilities (June 2026 CSPU)

The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions th...

CVSS 10 • AI score 6 • EPSS 0.00483
Exploits 0 • References 6

Tenable Nessus • added 3 days ago • 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a...

CVSS 6.5 • AI score 5.9 • EPSS 0.00287
Exploits 0 • References 3

Tenable Nessus • added 3 days ago • 3 views

Oracle Linux 9 : libssh (ELSA-2026-18683)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-18683 advisory. - Resolves: CVE-2025-4877 - Resolves: CVE-2025-4878 - Resolves: CVE-2025-5351 - Resolves: CVE-2025-8114 - Resolves: CVE-2025-8277 - Resolves:...

CVSS 8.2 • AI score 6.7 • EPSS 0.00582
Exploits 0 • References 11

Tenable Nessus • added 3 days ago • 3 views

Automated Logic WebCTRL Incorrect Authorization (CVE-2024-5539)

CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...

CVSS 9.2 • AI score 5.9 • EPSS 0.00302
Exploits 0 • References 2

Tenable Nessus • added 3 days ago • 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-50169

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

CVSS 5.7 • AI score 5.9 • EPSS 0.00129
Exploits 0 • References 3

Tenable Nessus • added 3 days ago • 3 views

RHEL 9 : python3.12-urllib3 (RHSA-2026:28159)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:28159 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 8.9 • AI score 6 • EPSS 0.00483
Exploits 0 • References 8

Tenable Nessus • added 3 days ago • 3 views

Oracle Linux 9 : openssl (ELSA-2026-19218)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19218 advisory. - Fix CVE-2026-31790 Resolves: RHEL-161586 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

CVSS 7.5 • AI score 7.4 • EPSS 0.00981
Exploits 0 • References 2

Tenable Nessus • added 3 days ago • 3 views

Automated Logic WebCTRL Improper Validation of Array Index (CVE-2025-0657)

CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...

CVSS 8.8 • AI score 5.7 • EPSS 0.00281
Exploits 0 • References 2

Tenable Nessus • added 3 days ago • 4 views

Oracle Linux 9 : firefox (ELSA-2026-19201)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19201 advisory. 140.10.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding R...

CVSS 9.8 • AI score 6.2 • EPSS 0.04938
Exploits 1 • References 26

Tenable Nessus • added 3 days ago • 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-54264

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...

CVSS 8.3 • AI score 6 • EPSS 0.00404
Exploits 0 • References 3

Tenable Nessus • added 3 days ago • 3 views

Ubuntu 26.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8461-1)

The remote Ubuntu 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8461-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. ...

CVSS 8.8 • AI score 7.1 • EPSS 0.93418
Exploits 47 • References 19

Tenable Nessus • added 3 days ago • 5 views

RHEL 9 : redis (RHSA-2026:28139)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28139 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...

CVSS 8.8 • AI score 6.6 • EPSS 0.01228
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 3 views

Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1881)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1881 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl CVE-2026-31709 Tenable has extracted the preceding description...

CVSS 8.8 • AI score 5.8 • EPSS 0.00308
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-50269

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload...

CVSS 6.9 • AI score 5.9 • EPSS 0.00273
Exploits 0 • References 3

Tenable Nessus • added 4 days ago • 4 views

SUSE SLES15 Security Update : kubernetes-old (SUSE-SU-2026:2460-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2460-1 advisory. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE bsc1265747. -...

CVSS 8.7 • AI score 5.9 • EPSS 0.00565
Exploits 0 • References 7

Tenable Nessus • added 4 days ago • 2 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2026-1893)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1893 advisory. A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately...

CVSS 7.5 • AI score 6.1 • EPSS 0.0044
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 5 views

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2026-1880)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1880 advisory. Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrad...

CVSS 9.8 • AI score 5.9 • EPSS 0.00682
Exploits 0 • References 24

Tenable Nessus • added 4 days ago • 4 views

Debian dla-4640 : mediawiki - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4640 advisory. Debian LTS Advisory DLA-4640-1 ...

CVSS 7.5 • AI score 5.7 • EPSS 0.0029
Exploits 0 • References 11

Tenable Nessus • added 4 days ago • 4 views

RHEL 7 : webkitgtk4 (RHSA-2026:27728)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27728 advisory. WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. Security...

CVSS 8.8 • AI score 6.7 • EPSS 0.0059
Exploits 0 • References 34

Tenable Nessus • added 4 days ago • 4 views

Amazon Linux 2023 : python3-mako (ALAS2023-2026-1846)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1846 advisory. Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an...

CVSS 8.7 • AI score 5.9 • EPSS 0.00361
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 5 views

RHEL 10 : openssl-fips-provider (RHSA-2026:27745)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27745 advisory. This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification. Security Fixes: openssl: openssl...

CVSS 7.5 • AI score 5.9 • EPSS 0.00981
Exploits 0 • References 5

Tenable Nessus • added 4 days ago • 3 views

RHEL 8 : kernel (RHSA-2026:27704)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27704 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: act_pedit: extend the writab...

AI score 6 • EPSS 0.00291
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 6 views

Oracle Linux 8 : hplip (ELSA-2026-26335)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26335 advisory. - OSH fixes after CVE-2026-8631 - CVE-2026-8631 hplip: Arbitrary code execution and privilege escalation via integer overflow in hpcups Tenable has...

CVSS 9.8 • AI score 6.4 • EPSS 0.00739
Exploits 0 • References 3

Tenable Nessus • added 4 days ago • 4 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1839)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1839 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...

CVSS 5.5 • AI score 6.2 • EPSS 0.00135
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 2 views

RHEL 9 : memcached (RHSA-2026:27862)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27862 advisory. memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web...

CVSS 8.1 • AI score 5.9 • EPSS 0.01143
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 2 views

Amazon Linux 2023 : libssh, libssh-config, libssh-devel (ALAS2023-2026-1824)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1824 advisory. libssh Possible Denial of Service when parsing unexpected configuration files CVE-2026-0965 Tenable has extracted the preceding description block directly from the tested product security advisory. Not...

CVSS 3.3 • AI score 5.9 • EPSS 0.00158
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 5 views

Amazon Linux 2 : perl-HTML-Parser, --advisory ALAS2-2026-3357 (ALAS-2026-3357)

The version of perl-HTML-Parser installed on the remote host is prior to 3.71-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3357 advisory. HTML::Entities versions before 3.84 for Perl read freed heap memory in decode_entities. The XS routine backing...

CVSS 7.5 • AI score 6 • EPSS 0.00303
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 4 views

RHEL 9 : postgresql (RHSA-2026:27741)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27741 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Operating system accou...

CVSS 8.8 • AI score 6 • EPSS 0.004
Exploits 0 • References 10

Tenable Nessus • added 4 days ago • 3 views

Fedora 43 : thorvg (2026-2641c0a950)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2641c0a950 advisory. Update to 1.0.6 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

CVSS 4.3 • AI score 5.9 • EPSS 0.00235
Exploits 0 • References 2

Tenable Nessus • added 4 days ago • 3 views

RHEL 10 : .NET 8.0 (RHSA-2026:28007)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28007 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

CVSS 7.5 • AI score 6 • EPSS 0.01176
Exploits 0 • References 6

Tenable Nessus • added 4 days ago • 5 views

Fedora 43 : erlang (2026-e692d95607)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e692d95607 advisory. Fix for CVE-2026-48855 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

CVSS 6.5 • AI score 5.9 • EPSS 0.00277
Exploits 0 • References 2

Tenable Nessus • added 4 days ago • 3 views

RHEL 9 : kernel (RHSA-2026:27705)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27705 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: act_pedit: extend the writab...

AI score 6 • EPSS 0.00291
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 7 views

RHEL 10 : memcached (RHSA-2026:27842)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27842 advisory. memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web...

CVSS 8.1 • AI score 5.9 • EPSS 0.01143
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-12549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sen...

CVSS 5.3 • AI score 6.1 • EPSS 0.0043
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 5 views

AlmaLinux 8 : 389-ds:1.4 (ALSA-2026:26459)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:26459 advisory. 389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext causes CPU and heap amplification remote DoS CVE-2026-9064 Tenable has...

CVSS 7.5 • AI score 5.9 • EPSS 0.00815
Exploits 0 • References 3

Tenable Nessus • added 4 days ago • 5 views

RockyLinux 10 : kernel (RLSA-2026:27288)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27288 advisory. kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in __inet_lookup_established...

CVSS 9.8 • AI score 6.2 • EPSS 0.004
Exploits 0 • References 31

Tenable Nessus • added 4 days ago • 4 views

Amazon Linux 2 : openssl11, --advisory ALAS2-2026-3364 (ALAS-2026-3364)

The version of openssl11 installed on the remote host is prior to 1.1.1zh-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3364 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitiveelement whose content exceeds 2 gigabytes...

CVSS 8.8 • AI score 6.4 • EPSS 0.02268
Exploits 0 • References 12

Tenable Nessus • added 4 days ago • 5 views

Amazon Linux 2 : rust, --advisory ALAS2-2026-3375 (ALAS-2026-3375)

The version of rust installed on the remote host is prior to 1.96.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3375 advisory. gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked ou...

CVSS 7.8 • AI score 5.9 • EPSS 0.00248
Exploits 1 • References 4

Tenable Nessus • added 4 days ago • 6 views

RHEL 9 : firefox (RHSA-2026:27734)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27734 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

CVSS 9.6 • AI score 5.9 • EPSS 0.0045
Exploits 0 • References 60

Tenable Nessus • added 4 days ago • 2 views

Amazon Linux 2023 : mariadb-connector-c, mariadb-connector-c-config, mariadb-connector-c-devel (ALAS2023-2026-1873)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1873 advisory. An application that was taking non-validated user input, escaping it with mysql_real_escape_string and sending it to the database using text protocol and big5 character set was vulnerable to SQL injection...

CVSS 9.8 • AI score 5.9 • EPSS 0.00276
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-12725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing...

CVSS 5.9 • AI score 6.2 • EPSS 0.00406
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 2 views

RHEL 10 : .NET 9.0 (RHSA-2026:28009)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28009 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

CVSS 7.5 • AI score 6 • EPSS 0.01176
Exploits 0 • References 6

Tenable Nessus • added 4 days ago • 5 views

Amazon Linux 2 : amazon-ssm-agent, --advisory ALAS2-2026-3378 (ALAS-2026-3378)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.4624.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3378 advisory. go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2,...

CVSS 7.4 • AI score 5.8 • EPSS 0.00259
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 4 views

Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2026-1849)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1849 advisory. A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument...

CVSS 7.8 • AI score 6.5 • EPSS 0.00155
Exploits 0 • References 4

Tenable Nessus • added 4 days ago • 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-54278

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to ...

CVSS 8.7 • AI score 5.8 • EPSS 0.00263
Exploits 0 • References 3

Tenable Nessus • added 4 days ago • 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-12804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of...

CVSS 5.3 • AI score 5.3 • EPSS 0.00264
Exploits 0 • References 3

Tenable Nessus • added 4 days ago • 2 views

Amazon Linux 2023 : python3-click (ALAS2023-2026-1854)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1854 advisory. Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account. CVE-2026-72...

CVSS 7.2 • AI score 6.1 • EPSS 0.00665
Exploits 1 • References 4

Total number of security vulnerabilities: 337359