Linux Distros Unpatched Vulnerability : CVE-2026-45894

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iommu/vt-d: Clear Present bit before tearing down PASID entry The Intel VT-d Scalable Mode PASID table entry consists of 512 bits 64 bytes. When tearing down an...

Linux Distros Unpatched Vulnerability : CVE-2026-45848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - apparmor: fix NULL sock in aasockfileperm Deal with the potential that sock and sock-sk can be NULL during socket setup or teardown. This could lead to an oops...

Linux Distros Unpatched Vulnerability : CVE-2026-45856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/uverbs: Validate wqesize before using it in ibuverbspostsend ibuverbspostsend uses cmd.wqesize from userspace without any validation before passing it to...

RHEL 10 : podman (RHSA-2026:20570)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20570 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use...

Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : libssh2 vulnerability (USN-8309-1)

The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8309-1 advisory. It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker...

Linux Distros Unpatched Vulnerability : CVE-2026-46096

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tpm2-sessions: Fix missing tpmbufdestroy in tpm2readpublic tpm2readpublic calls tpmbufinit but fails to call tpmbufdestroy on two exit paths, leaking a page...

Linux Distros Unpatched Vulnerability : CVE-2026-45964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 SUNRPC: Rebalance a kref in authgss.c added a krefget&gssauth-kref call to balance t...

FreeBSD : Grafana -- RCE on Grafana via sqlExpressions (f45ad940-58ff-11f1-b525-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f45ad940-58ff-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-27876 reports: A chained attack via SQL...

Linux Distros Unpatched Vulnerability : CVE-2026-25680

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Note that Nessus relies on the presence of the...

Linux Distros Unpatched Vulnerability : CVE-2026-5223

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of...

FreeBSD : Grafana -- XSS in Grafana Explore stack trace (6cc28c49-58fe-11f1-b525-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6cc28c49-58fe-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2025-41117 reports: Stack traces in Grafana's...

Linux Distros Unpatched Vulnerability : CVE-2026-45916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - power: supply: sbs-battery: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registerin...

Fedora 42 : perl-Crypt-DSA (2026-ffe3625a50)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ffe3625a50 advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...

Linux Distros Unpatched Vulnerability : CVE-2026-45994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ibmasm: fix OOB reads in commandfilewrite due to missing size checks The commandfilewrite handler allocates a kernel buffer of exactly count bytes and copies us...

Amazon Linux 2 : nss, --advisory ALAS2-2026-3304 (ALAS-2026-3304)

The version of nss installed on the remote host is prior to 3.90.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3304 advisory. Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR...

Linux Distros Unpatched Vulnerability : CVE-2026-5222

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple...

RHCOS 4 : Red Hat build of MicroShift 4.19.32 (RHSA-2026:20322)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20322 advisory. - google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation...

Linux Distros Unpatched Vulnerability : CVE-2020-25813

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. CVE-2020-25813 Note that Nessus...

Fedora 43 : perl-Crypt-DSA (2026-fdc100f74f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fdc100f74f advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...

SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2026:2029-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2029-1 advisory. This update for vim fixes the following issue: Security fixes: - CVE-2026-39881: command injection in NetBeans interfac...

Linux Distros Unpatched Vulnerability : CVE-2026-48691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP ASPATH attribute encoder. In src/bgpprotocol.hpp, the...

Linux Distros Unpatched Vulnerability : CVE-2026-3012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba's certificate auto-enrollment Group Policy handling. When certificate auto- enrollment is enabled, Samba may retrieve a CA certificate...

Ubuntu 24.04 LTS : ONNX vulnerability (USN-8307-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8307-1 advisory. It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to...

RHEL 9 : .NET 10.0 (RHSA-2026:21297)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21297 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation...

Linux Distros Unpatched Vulnerability : CVE-2026-46031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ks8851: Reinstate disabling of BHs around IRQ handler If the driver executes ks8851irq AND a TX packet has been sent, then the driver enables TX queue via...

Fedora 43 : rust-eif_build (2026-507f965d21)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-507f965d21 advisory. Rebuild with version 0.10.79 of the openssl crate which includes fixes for the following security issues: - CVE-2026-41676 / GHSA-pqf5-4pqq-29f5 -...

Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2026-1734)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1734 advisory. The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted...

Linux Distros Unpatched Vulnerability : CVE-2026-45855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ata: libata-scsi: avoid Non-NCQ command starvation When a non-NCQ command is issued while NCQ commands are being executed, atascsiqcissue indicates to the SCSI...

Linux Distros Unpatched Vulnerability : CVE-2026-45942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: fix e4b bitmap inconsistency reports A bitmap inconsistency issue was observed during stress tests under mixed huge-page workloads. Ext4 reported multiple...

Linux Distros Unpatched Vulnerability : CVE-2026-46022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - misc: ibmasm: fix OOB MMIO read in ibmasmhandlemouseinterrupt ibmasmhandlemouseinterrupt performs an out-of-bounds MMIO read when the queue reader or writer ind...

Linux Distros Unpatched Vulnerability : CVE-2026-48689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamicbinarybuffert class src/dynamicbinarybuffer.hpp. Five...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-104 (ALASKERNEL-5.15-2026-104)

The version of kernel installed on the remote host is prior to 5.15.206-144.232. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-104 advisory. In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy...

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-059 (ALASFIREFOX-2026-059)

The version of firefox installed on the remote host is prior to 140.10.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2FIREFOX-2026-059 advisory. libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-410...

Linux Distros Unpatched Vulnerability : CVE-2025-71304

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient...

Fedora 44 : perl-Crypt-DSA (2026-cdcb20089b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cdcb20089b advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...

FreeBSD : Grafana -- Query resampling can cause unbounded memory allocations (c079e809-5900-11f1-b525-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c079e809-5900-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-27879 reports: A resample query can be used t...

Amazon Linux 2023 : firefox (ALAS2023-2026-1725)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1725 advisory. In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. CVE-2026-45186 Use-after-free in th...

Debian dsa-6300 : node-shell-quote - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6300 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6300-1 [email protected] https://www.debian.org/security/...

Linux Distros Unpatched Vulnerability : CVE-2026-45867

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - power: supply: act8945a: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering t...

Linux Distros Unpatched Vulnerability : CVE-2026-4408

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the check password...

Linux Distros Unpatched Vulnerability : CVE-2026-46038

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: qrtr: ns: Free the node during ctrlcmdbye A node sends the BYE packet when it is about to go down. So the nameserver should advertise the removal of the no...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : SimpleEval vulnerability (USN-8301-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8301-1 advisory. Byambadalai Sumiya discovered that SimpleEval did not properly restrict attribute access and...

Tenable Sensor Proxy < 1.4.0 Multiple Vulnerabilities (TNS-2026-15)

According to its self-reported version, the Tenable Sensor Proxy running on the remote host is prior to 1.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-15 advisory. - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed...

Linux Distros Unpatched Vulnerability : CVE-2026-41074

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. A...

Linux Distros Unpatched Vulnerability : CVE-2026-45944

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iommu/vt-d: Clear Present bit before tearing down context entry When tearing down a context entry, the current implementation zeros the entire 128-bit entry usi...

Linux Distros Unpatched Vulnerability : CVE-2025-71305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/display/dpmst: Add protection against 0 vcpi When releasing a timeslot there is a slight chance we may end up with the wrong payload mask due to overflow if...

Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2026-146-01)

The version of mozilla-thunderbird installed on the remote host is prior to 140.11.1esr. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-146-01 advisory. New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Tenable has...

Linux Distros Unpatched Vulnerability : CVE-2026-46002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext2: reject inodes with zero inlink and valid mode in ext2iget ext2iget already rejects inodes with inlink == 0 when imode is zero or idtime is set, treating...

Fedora 44 : rust-eif_build (2026-32c3ca78ef)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-32c3ca78ef advisory. Rebuild with version 0.10.79 of the openssl crate which includes fixes for the following security issues: - CVE-2026-41676 / GHSA-pqf5-4pqq-29f5 -...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3315 (ALAS-2026-3315)

The version of thunderbird installed on the remote host is prior to 140.10.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3315 advisory. In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of servic...