RHEL 9 : ruby (RHSA-2026:20670)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20670 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2026-1747)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1747 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Samba vulnerabilities (USN-8306-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8306-1 advisory. Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacke...

Linux Distros Unpatched Vulnerability : CVE-2026-46059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an...

Linux Distros Unpatched Vulnerability : CVE-2026-46065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fbdev: defio: Disconnect deferred I/O from the lifetime of struct fbinfo Hold state of deferred I/O in struct fbdeferrediostate. Allocate an instance as part of...

Linux Distros Unpatched Vulnerability : CVE-2026-46003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: qrtr: ns: Limit the total number of nodes Currently, the nameserver doesn't limit the number of nodes it handles. This can be an attack vector if a malicio...

Linux Distros Unpatched Vulnerability : CVE-2026-46062

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntfs3: fix integer overflow in rununpack volume boundary check The volume boundary check lcn + len sbi-used.bitmap.nbits uses raw addition which can wrap around...

Linux Distros Unpatched Vulnerability : CVE-2025-0186

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have...

Linux Distros Unpatched Vulnerability : CVE-2026-45988

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during processing, it may end up in a partially decrypted state - and...

Linux Distros Unpatched Vulnerability : CVE-2026-39824

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number o...

Linux Distros Unpatched Vulnerability : CVE-2026-45930

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Tren...

RHEL 9 : jmc (RHSA-2026:20568)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20568 advisory. JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis o...

Amazon Linux 2 : golang, --advisory ALAS2-2026-3313 (ALAS-2026-3313)

The version of golang installed on the remote host is prior to 1.25.10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3313 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a...

Linux Distros Unpatched Vulnerability : CVE-2026-46049

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: ctxfi: Add fallback to default RSR for S/PDIF spdifpassthruplaybackgetresources uses atc-pllrate as the RSR for the MSR calculation loop. However, pllrate...

RHEL 9 : .NET 8.0 (RHSA-2026:21293)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21293 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

Linux Distros Unpatched Vulnerability : CVE-2026-45957

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rcu: Fix rcureadunlock deadloop due to softirq Commit 5f5fa7ea89dc rcu: Don't use negative nesting depth in rcureadunlock removes the recursion-protection code...

Linux Distros Unpatched Vulnerability : CVE-2026-48959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit...

Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-116 (ALASECS-2026-116)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-116 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory an...

Linux Distros Unpatched Vulnerability : CVE-2026-25680

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Note that Nessus relies on the presence of the...

Fedora 43 : chromium (2026-b17799ac62)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b17799ac62 advisory. Update to 148.0.7778.178 CVE-2026-9111: Use after free in WebRTC CVE-2026-9110: Inappropriate implementation in UI CVE-2026-9112: Use after free in...

RHEL 9 : .NET 10.0 (RHSA-2026:21297)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21297 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation...

AlmaLinux 10 : mysql8.4 (ALSA-2026:20693)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20693 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2026 CVE-2026-22004 mysql: Information Schema unspecified vulnerability CPU Apr 2026 CVE-2026-22001 mysq...

Linux Distros Unpatched Vulnerability : CVE-2026-48961

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-by...

Linux Distros Unpatched Vulnerability : CVE-2026-45997

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: sd: fix missing putdisk when deviceadd&diskdev fails If deviceadd&sdkp-diskdev fails, putdevice runs scsidiskrelease, which frees the scsidisk but leaves...

FreeBSD : Grafana -- RCE on Grafana via sqlExpressions (f45ad940-58ff-11f1-b525-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f45ad940-58ff-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-27876 reports: A chained attack via SQL...

Linux Distros Unpatched Vulnerability : CVE-2026-25681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications...

Linux Distros Unpatched Vulnerability : CVE-2026-46078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary- checks for nameoffs, but the trailing dirents are special...

Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : libssh2 vulnerability (USN-8309-1)

The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8309-1 advisory. It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker...

Linux Distros Unpatched Vulnerability : CVE-2026-45940

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: stmmac: fix oops when split header is enabled For GMAC4, when split header is enabled, in some rare cases, the hardware does not fill buf2 of the first...

AlmaLinux 8 : compat-libtiff3 (ALSA-2026:20585)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:20585 advisory. libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 Tenable has extracted the...

Linux Distros Unpatched Vulnerability : CVE-2026-45860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nfconncount: increase the connection clean up limit to 64 After the optimization to only perform one GC per jiffy, a new problem was introduced. If...

AlmaLinux 8 : libexif (ALSA-2026:20929)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20929 advisory. libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling CVE-2026-40385 libexif: libexif: Denial of Service...

Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-115 (ALASECS-2026-115)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-115 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and ...

Linux Distros Unpatched Vulnerability : CVE-2026-9572

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function MediaGetSample of the file src/isomedia/media.c of the...

Amazon Linux 2023 : credentials-fetcher (ALAS2023-2026-1744)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1744 advisory. crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...

Linux Distros Unpatched Vulnerability : CVE-2026-46043

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/rxe: Validate pad and ICRC before payloadsize in rxercv rxercv currently checks only that the incoming packet is at least headersizepkt bytes long before...

Linux Distros Unpatched Vulnerability : CVE-2026-45873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the e...

Linux Distros Unpatched Vulnerability : CVE-2026-45912

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: don't cache extent during splitting extent Caching extents during the splitting process is risky, as it may result in stale extents remaining in the statu...

Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-120 (ALASDOCKER-2026-120)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-120 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory...

Linux Distros Unpatched Vulnerability : CVE-2024-0744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects...

Atlassian Jira Service Management Data Center and Server 5.15.2 < 10.3.18 / 10.4.0 < 11.3.5 (JSDSERVER-16575)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16575 advisory. - This File Inclusion vulnerability allows an unauthenticated attacker to get the application to displ...

AlmaLinux 8 : ruby:3.3 (ALSA-2026:20614)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:20614 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the AlmaLinux...

Linux Distros Unpatched Vulnerability : CVE-2026-45965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - apparmor: fix invalid deref of rawdata when exportbinary is unset If the exportbinary parameter is disabled on runtime, profiles that were loaded before that wi...

openSUSE 16 Security Update : mcphost (openSUSE-SU-2026:20788-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20788-1 advisory. This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly...

Fedora 43 : rust-coreos-installer (2026-b242a3b068)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b242a3b068 advisory. Rebuild with version 0.10.79 of the openssl crate which includes fixes for the following security issues: - CVE-2026-41676 / GHSA-pqf5-4pqq-29f5 -...

Linux Distros Unpatched Vulnerability : CVE-2026-45961

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gfs2: fix memory leaks in gfs2fillsuper error path Fix two memory leaks in the gfs2fillsuper error handling path when transitioning a filesystem to read-write...

Linux Distros Unpatched Vulnerability : CVE-2026-45956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/exynos: vidi: use priv-vididev for ctx lookup in vidiconnectionioctl vidiconnectionioctl retrieves the driverdata from drmdev-dev to obtain a struct...

Amazon Linux 2023 : python3-unbound, unbound, unbound-anchor (ALAS2023-2026-1756)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1756 advisory. NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep...

Linux Distros Unpatched Vulnerability : CVE-2026-45936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - power: supply: goldfish: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering t...

Linux Distros Unpatched Vulnerability : CVE-2026-45877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HID: intel-ish-hid: fix NULL-ptr-deref in ishtpbusremoveallclients During a warm reset flow, the cl-device pointer may be NULL if the reset occurs while clients...