Unity Linux 20.1060e / 20.1070e Security Update: logback (UTSA-2026-016687)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016687 advisory. In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to...

Unity Linux 20.1070e Security Update: mybatis (UTSA-2026-016735)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016735 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Linux Distros Unpatched Vulnerability : CVE-2026-8967

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8967 Note that Nessus relies...

Unity Linux 20.1060e / 20.1070e Security Update: qt5-qtsvg (UTSA-2026-016645)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016645 advisory. Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps::growAppend called from QPainterPath::addPath and...

Linux Distros Unpatched Vulnerability : CVE-2026-45073

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45073 Note that Nessus relies on the presence of the package as reported by the vendor...

Unity Linux 20.1070e Security Update: gradle (UTSA-2026-016763)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016763 advisory. The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the sam...

RockyLinux 9 : grub2 (RLSA-2026:4760)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:4760 advisory. grub2: Missing unregister call for gettext command may lead to use-after-free CVE-2025-61662 Tenable has extracted the preceding description block directly from t...

Linux Distros Unpatched Vulnerability : CVE-2026-28380

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Any Editor could delete any snapshot, even if they have no access to read or write them. CVE-2026-28380 Note that Nessus relies on the presence of the package a...

Mattermost Server 10.11.x <= 10.11.13 / 11.5.x <= 11.5.1 Multiple Vulnerabilities (MMSA-2026-00570 / MMSA-2026-00575 / MMSA-2026-00582 / MMSA-2026-00622)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities: - Mattermost fails to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an...

Linux Distros Unpatched Vulnerability : CVE-2026-8952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8952 Note that Nessus relies...

Linux Distros Unpatched Vulnerability : CVE-2026-8964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8964 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-47732

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-twig - None Ubuntu Linux - Unknown description CVE-2026-47732 Note that Nessus relies on the presence of the package as reported by the vendo...

Unity Linux 20.1070e Security Update: log4j (UTSA-2026-016696)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016696 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Linux Distros Unpatched Vulnerability : CVE-2025-13874

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...

Unity Linux 20.1060e / 20.1070e Security Update: jboss-logging (UTSA-2026-016641)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016641 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

Linux Distros Unpatched Vulnerability : CVE-2026-8971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8971 Note that Nessus reli...

Linux Distros Unpatched Vulnerability : CVE-2026-8966

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8966 Note that Nessus relies on...

Linux Distros Unpatched Vulnerability : CVE-2026-45064

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-45064 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

Unity Linux 20.1070e Security Update: mod_fcgid (UTSA-2026-016767)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016767 advisory. A security Bypass vulnerability exists in the FcgidPassHeader Proxy in modfcgid through 2016-07-07. Tenable has extracted the preceding description block directly fr...

Linux Distros Unpatched Vulnerability : CVE-2026-28374

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations. CVE-2026-28374 Note that...

Unity Linux 20.1070e Security Update: festival (UTSA-2026-016710)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016710 advisory. festivalserver in Centre for Speech Technology Research CSTR Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LDLIBRARYPATH,...

Linux Distros Unpatched Vulnerability : CVE-2026-33378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impac...

Linux Distros Unpatched Vulnerability : CVE-2026-8695

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 6.1.5 contains a use-after-free vulnerability in the gdbrthreadslist function that allows remote attackers to trigger memory corruption by sending a val...

Unity Linux 20.1050e / 20.1070e Security Update: sox (UTSA-2026-016770)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016770 advisory. An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h startread function, there is an integer overflow on the result of integer addition wraparound to 0 fe...

Linux Distros Unpatched Vulnerability : CVE-2025-12669

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...

Linux Distros Unpatched Vulnerability : CVE-2026-8706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive...

RockyLinux 8 : libreswan (RLSA-2023:7052)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7052 advisory. libreswan: Invalid IKEv2 REKEY proposal causes restart CVE-2023-38710 libreswan: Invalid IKEv1 Quick Mode ID causes restart CVE-2023-38711 libreswan:...

Unity Linux 20.1060e / 20.1070e Security Update: python-flask-restx (UTSA-2026-016606)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016606 advisory. Flask-RESTX pypi package flask-restx is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS Regular Expression Denial ...

Unity Linux 20.1060e / 20.1070e Security Update: mybatis (UTSA-2026-016669)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016669 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

RockyLinux 9 : openssh (RLSA-2025:23480)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23480 advisory. openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand CVE-2025-61984 openssh: OpenSSH: Null character in ssh://...

Linux Distros Unpatched Vulnerability : CVE-2026-45074

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Symfony's Cas2Handler Derives CAS service URL from Client Host Header Cross-Service Ticket Replay CVE-2026-45074 Note that Nessus relies on the presence of the...

Ubuntu 24.04 LTS / 25.10 : XDG Desktop Portal vulnerability (USN-8287-1)

The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8287-1 advisory. It was discovered that XDG Desktop Portal incorrectly handled trashing files. A local attacker could possibly use this issue to delete arbitrary files on...

Unity Linux 20.1060e / 20.1070e Security Update: spice-vdagent (UTSA-2026-016625)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016625 advisory. A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to...

Linux Distros Unpatched Vulnerability : CVE-2026-6335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticate...

Linux Distros Unpatched Vulnerability : CVE-2026-8843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Creating a 2dspherebucket index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that...

Unity Linux 20.1070e Security Update: wildfly-core (UTSA-2026-016706)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016706 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Linux Distros Unpatched Vulnerability : CVE-2026-8965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8965 Note that Nessus relies on...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-rails (UTSA-2026-016644)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016644 advisory. A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length o...

Unity Linux 20.1070e Security Update: wildfly-core (UTSA-2026-016736)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016736 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

RockyLinux 9 : image-builder (RLSA-2026:1377)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:1377 advisory. golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 Tenable has extracted the preceding description block directly from the...

Linux Distros Unpatched Vulnerability : CVE-2026-8972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8972 Note that Nessus relie...

Unity Linux 20.1060e / 20.1070e Security Update: PackageKit (UTSA-2026-016629)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016629 advisory. PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable ...

RockyLinux 9 : systemd (RLSA-2025:22660)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:22660 advisory. systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump CVE-2025-4598 Tenable has...

Unity Linux 20.1070e Security Update: HikariCP (UTSA-2026-016695)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016695 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

Unity Linux 20.1070e Security Update: wildfly-build-tools (UTSA-2026-016748)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016748 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

RockyLinux 8 : abrt (RLSA-2025:22760)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:22760 advisory. abrt: Command-injection in ABRT leading to local privilege escalation CVE-2025-12744 Tenable has extracted the preceding description block directly from the...

Linux Distros Unpatched Vulnerability : CVE-2026-33376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate...

Linux Distros Unpatched Vulnerability : CVE-2025-14575

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogu...

Unity Linux 20.1060e / 20.1070e Security Update: nodejs-fstream (UTSA-2026-016675)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016675 advisory. fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file th...

Unity Linux 20.1070e Security Update: keepalived (UTSA-2026-016728)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016728 advisory. In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This...