Unity Linux 20.1060e / 20.1070e Security Update: openblas (UTSA-2026-016623)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016623 advisory. An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version...

Linux Distros Unpatched Vulnerability : CVE-2026-47732

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-twig - None Ubuntu Linux - Unknown description CVE-2026-47732 Note that Nessus relies on the presence of the package as reported by the vendo...

Linux Distros Unpatched Vulnerability : CVE-2026-8706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive...

Unity Linux 20.1070e Security Update: infinispan (UTSA-2026-016719)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016719 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Windows Cloud Files Mini Filter Driver EoP (MiniPlasma) (Direct Check) (CVE-2020-17103)

Binary data windowsminiplasmaCVE-2020-17103.nbin...

Unity Linux 20.1060e / 20.1070e Security Update: ceph (UTSA-2026-016657)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016657 advisory. A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers vi...

Linux Distros Unpatched Vulnerability : CVE-2026-43501

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into...

Unity Linux 20.1070e Security Update: netty (UTSA-2026-016700)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016700 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Linux Distros Unpatched Vulnerability : CVE-2026-45756

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match/search Without Limits ReDoS CVE-2026-45756 Note that Nessus relies on the presence...

Linux Distros Unpatched Vulnerability : CVE-2026-45753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-45753 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

Progress MOVEit Automation 2025.0.x < 2025.0.11 / 2025.1.x < 2025.1.7 Multiple Vulnerabilities

The version of Progress MOVEit Automation installed on the remote host is 2025.0.x prior to 2025.0.11 or 2025.1.x prior to 2025.1.7. It is, therefore, affected by multiple vulnerabilities: - Uncontrolled Memory Allocation vulnerability allows excessive allocation. CVE-2026-8485 - Allocation of...

Unity Linux 20.1070e Security Update: HikariCP (UTSA-2026-016726)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016726 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1070e Security Update: cfitsio (UTSA-2026-016766)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016766 advisory. In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An...

Unity Linux 20.1070e Security Update: xmlgraphics-commons (UTSA-2026-016739)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016739 advisory. Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a...

Unity Linux 20.1070e Security Update: libEMF (UTSA-2026-016703)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016703 advisory. libEMF aka ECMA-234 Metafile Library through 1.0.11 allows out-of-bounds memory access. Tenable has extracted the preceding description block directly from the Unity...

Unity Linux 20.1060e / 20.1070e Security Update: nodejs-minimist (UTSA-2026-016649)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016649 advisory. minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload. Tenable has extracted the...

Linux Distros Unpatched Vulnerability : CVE-2026-7471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allow...

Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016609)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016609 advisory. Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest...

Security Update for Windows Defender (May 2026) (CVE-2026-41091)

The Malware Protection Engine version of Microsoft Windows Defender installed on the remote Windows host is prior to 1.1.26040.8. It is, therefore, affected by a privilege escalation vulnerability: - Improper link resolution before file access 'link following' in Microsoft Defender allows an...

Fedora 43 : kernel (2026-94731f4ace)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-94731f4ace advisory. The 7.0.9-105/205 stable kernel updates contain a couple if important security fixes. Tenable has extracted the preceding description block directly from the...

Linux Distros Unpatched Vulnerability : CVE-2026-47212

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-47212 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

Linux Distros Unpatched Vulnerability : CVE-2026-32312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the...

Mattermost Server 10.11.x <= 10.11.13 / 11.4.x <= 11.4.3 / 11.5.x <= 11.5.1 Multiple Vulnerabilities (MMSA-2026-00573 / MMSA-2026-00576 / MMSA-2026-00591 / MMSA-2026-00605 / MMSA-2026-00607 / MMSA-2026-00608 / MMSA-2026-00614 / MMSA-2026-00627)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities: - Mattermost fails to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermost System Admin or any party with access to a support...

Unity Linux 20.1070e Security Update: libEMF (UTSA-2026-016697)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016697 advisory. ScaleViewPortExtEx in libemf.cpp in libEMF aka ECMA-234 Metafile Library 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. Tenable has...

Unity Linux 20.1060e / 20.1070e Security Update: derby (UTSA-2026-016640)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016640 advisory. In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and...

Unity Linux 20.1070e Security Update: hibernate3 (UTSA-2026-016759)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016759 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016715)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016715 advisory. A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the Expect: 100-continue header may cause an out of memory error...

Unity Linux 20.1070e Security Update: jersey (UTSA-2026-016750)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016750 advisory. Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFil...

Linux Distros Unpatched Vulnerability : CVE-2026-45793

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Github Actions issued GITHUBTOKEN disclosure in GitHub Actions logs CVE-2026-45793 Note that Nessus relies on the presence of the package as...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-excon (UTSA-2026-016618)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016618 advisory. In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave da...

Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016734)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016734 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

Unity Linux 20.1060e / 20.1070e Security Update: maven-shared-utils (UTSA-2026-016689)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016689 advisory. In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection...

Unity Linux 20.1060e / 20.1070e Security Update: spice-vdagent (UTSA-2026-016611)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016611 advisory. A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with acce...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: eclipse-ecf (UTSA-2026-016602)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016602 advisory. The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate...

Unity Linux 20.1070e Security Update: aspell (UTSA-2026-016693)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016693 advisory. objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::duptop called from acommon::StringMap::add and acommon::Config::lookuplist...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: numpy (UTSA-2026-016631)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016631 advisory. An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific...

Linux Distros Unpatched Vulnerability : CVE-2026-8971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8971 Note that Nessus reli...

Unity Linux 20.1050e / 20.1070e Security Update: sox (UTSA-2026-016768)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016768 advisory. An issue was discovered in SoX 14.4.2. lsxmakelpf in effectidsp.c allows a NULL pointer dereference. Tenable has extracted the preceding description block directly...

Linux Distros Unpatched Vulnerability : CVE-2026-45065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45065 Note that Nessus relies on the presence of the package as reported by the vendor...

Linux Distros Unpatched Vulnerability : CVE-2026-33380

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the...

Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016742)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016742 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-paramiko (UTSA-2026-016596)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016596 advisory. In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure. Tenable h...

Linux Distros Unpatched Vulnerability : CVE-2026-33378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impac...

Linux Distros Unpatched Vulnerability : CVE-2026-32739

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in...

Linux Distros Unpatched Vulnerability : CVE-2026-47373

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing cou...

Unity Linux 20.1060e / 20.1070e Security Update: ant (UTSA-2026-016612)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016612 advisory. When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memor...

Linux Distros Unpatched Vulnerability : CVE-2026-41075

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection...

Linux Distros Unpatched Vulnerability : CVE-2026-28380

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Any Editor could delete any snapshot, even if they have no access to read or write them. CVE-2026-28380 Note that Nessus relies on the presence of the package a...

Linux Distros Unpatched Vulnerability : CVE-2026-28376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to...

Linux Distros Unpatched Vulnerability : CVE-2026-8466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart...