HP LaserJet Printers Missing Authorization (CVE-2013-4807)

Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 20130703 allows remote attackers to modify data via unknown vectors. This plugin only works with Tenable.ot. Please...

HP LaserJet Printers Path Traversal (CVE-2012-5221)

Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2026:2039-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2039-1 advisory. This update for MozillaFirefox fixes the following issue Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212 -...

Slackware Linux 15.0 / current kernel-generic Multiple Vulnerabilities (SSA:2026-144-01)

The version of kernel-generic installed on the remote host is prior to 5.15.208 / 5.15.208smp / 6.12.91 / 6.18.33. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-144-01 advisory. New kernel packages are available for Slackware 15.0 and -current to fix a...

RHEL 8 : fence-agents (RHSA-2026:20588)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20588 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable...

IBM WebSphere Application Server 8.5.x / 9.x RCE (7274072)

The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7274072 advisory. - IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and...

Atlassian Confluence 8.9.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103707)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103707 advisory. - This HTTP Request/Response Smuggling vulnerability allows an unauthenticated attacker to manipulate HTTP requests in a way that causes the server...

HP LaserJet Printers Insecure Default Initialization of Resource (CVE-2011-4161)

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables...

SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2026:2042-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2042-1 advisory. This update for container-suseconnect rebuilds it against the current go security release. Tenable has extracted the preceding description...

TencentOS Server 3: gdk-pixbuf2 (TSSA-2025:1014)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:1014 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Linux Distros Unpatched Vulnerability : CVE-2026-27136

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications...

SUSE SLES15 Security Update : rootlesskit (SUSE-SU-2026:2045-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2045-1 advisory. This update for rootlesskit rebuilds it against the current go security release. Tenable has extracted the preceding description block...

Linux Distros Unpatched Vulnerability : CVE-2026-45836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix null-ptr-deref in l2capsockgetsndtimeocb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb. CVE-2026-45836...

Amazon Linux 2023 : perl-Net-CIDR-Lite (ALAS2023-2026-1732)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1732 advisory. Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digi...

RHEL 10 : python-tornado (RHSA-2026:20577)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20577 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Linux Distros Unpatched Vulnerability : CVE-2026-9538

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. readtar reads each entry's payload wi...

FreeBSD : gstreamer1 -- multiple vulnerabilities (05aadfcc-55f5-11f1-915c-8974b59277b5)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 05aadfcc-55f5-11f1-915c-8974b59277b5 advisory. The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.2 release:...

HP LaserJet Printers Denial of Service (CVE-2012-5215)

Unspecified vulnerability on the HP LaserJet Pro M1212nf, M1213nf, M1214nfh, M1216nfh, M1217nfw, and M1219nf, and HotSpot LaserJet Pro M1218nfs, with firmware before 20130211; LaserJet Pro CP1025nw with firmware before 20130212; and LaserJet Pro P1102w and P1606dn with firmware before 20130213...

Linux Distros Unpatched Vulnerability : CVE-2017-1000252

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service assertion failure, and hypervisor hang or crash via an...

Debian dla-4600 : python3-django-postorius - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4600 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4600-1 [email protected] https://www.debian.org/lts/security/...

FreeBSD : Roundcube Webmail -- Multiple vulnerabilities (b8777bc2-5758-11f1-8607-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b8777bc2-5758-11f1-8607-8447094a420f advisory. The Roundcube Webmail project reports: See link for details. No CVE numbers available at the moment...

SUSE SLES15 Security Update : buildah (SUSE-SU-2026:2030-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2030-1 advisory. This update for buildah rebuilds it against the current go security release. Tenable has extracted the preceding description block directly...

Debian dsa-6296 : spip - security update

The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6296 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6296-1 [email protected] https://www.debian.org/securit...

Linux Distros Unpatched Vulnerability : CVE-2026-48849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS...

SUSE SLES15 Security Update : nginx (SUSE-SU-2026:2050-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2050-1 advisory. This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the...

Linux Distros Unpatched Vulnerability : CVE-2026-48715

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route...

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1738)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1738 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

TencentOS Server 3: krb5 (TSSA-2026:0386)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0386 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2026:2023-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2023-1 advisory. This update for ImageMagick fixes the following issues - CVE-2026-31853: heap buffer overflow leads to crash i...

RHEL 9 : libpng (RHSA-2026:20548)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20548 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes:...

Linux Distros Unpatched Vulnerability : CVE-2026-48589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro's Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validati...

Linux Distros Unpatched Vulnerability : CVE-2026-5091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison...

TencentOS Server 3: fontforge (TSSA-2026:0357)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0357 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: tigervnc (TSSA-2025:1016)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:1016 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Atlassian Confluence 9.1.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103647)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103647 advisory. - This Information Disclosure vulnerability allows an unauthenticated attacker to view sensitive information via an Information Disclosure...

Linux Distros Unpatched Vulnerability : CVE-2026-48842

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape...

SUSE SLED15 / SLES15 Security Update : runc (SUSE-SU-2026:2031-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2031-1 advisory. This update for runc rebuilds it against the current go security release. Tenable has extracted the preceding descripti...

openSUSE 16 Security Update : perl-HTTP-Tiny (openSUSE-SU-2026:20792-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20792-1 advisory. Changes in perl-HTTP-Tiny: - updated to 0.094 0.094 - No changes from 0.093-TRIAL 0.093 - fix to prevent invalid characters in all headers, and prevent...

RHEL 8 : glibc (RHSA-2026:20587)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20587 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cach...

Linux Distros Unpatched Vulnerability : CVE-2026-48851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and...

FreeBSD : jellyfin -- multiple vulnerabilities (87ff1d7e-6b24-4a5b-9825-90dcda5ee119)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 87ff1d7e-6b24-4a5b-9825-90dcda5ee119 advisory. The Jellyfin project reports: Jellyfin Server 10.11.10 fixes three security vulnerabilities: Tenable ha...

SUSE SLES15 Security Update : ImageMagick (SUSE-SU-2026:2022-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2022-1 advisory. This update for ImageMagick fixes the following issues - CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of...

RHEL 9 : tigervnc (RHSA-2026:20576)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20576 advisory. Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine...

RHEL 10 : mysql8.4 (RHSA-2026:20693)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20693 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld an...

nginx 0.6.27 < 1.30.1 ngx_http_rewrite_module Heap Buffer Overflow

According to its Server response header, the installed version of nginx is 0.6.27 prior to 1.30.1. It is, therefore, affected by the following issue : - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive i...

HP LaserJet Printers Cross-site Scripting (CVE-2012-3272)

Cross-site scripting XSS vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3.18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmwa...

RHEL 10 : glibc (RHSA-2026:20594)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20594 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cac...

Joomla 3.0.x < 5.4.6 / 6.0.x < 6.1.1 Joomla 6.1.1 & 5.4.6 Security & Bugfix Release (5954-joomla-6-1-1-5-4-6-security-bugfix-release)

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.0.x prior to 5.4.6 or 6.0.x prior to 6.1.1. It is, therefore, affected by a vulnerability. - Lack of input filtering leads to an XSS vector in the HTML filter code. CVE-2026-48905 Note that Nessu...

Atlassian Confluence 8.9.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103708)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103708 advisory. - This Improper Encoding or Escaping of Output vulnerability allows an unauthenticated attacker to potentially disclose sensitive information via t...

Linux Distros Unpatched Vulnerability : CVE-2026-42506

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications...