Unity Linux 20.1060e / 20.1070e Security Update: nodejs-fstream (UTSA-2026-016675)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016675 advisory. fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file th...

Unity Linux 20.1070e Security Update: keepalived (UTSA-2026-016728)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016728 advisory. In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This...

Unity Linux 20.1070e Security Update: datanucleus-rdbms (UTSA-2026-016721)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016721 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1070e Security Update: libEMF (UTSA-2026-016698)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016698 advisory. libEMF aka ECMA-234 Metafile Library through 1.0.11 allows a use-after-free. Tenable has extracted the preceding description block directly from the Unity Linux...

Linux Distros Unpatched Vulnerability : CVE-2026-1659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-kramdown (UTSA-2026-016633)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016633 advisory. Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. Tenable has extracted th...

Unity Linux 20.1060e / 20.1070e Security Update: lighttpd (UTSA-2026-016637)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016637 advisory. In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as...

Unity Linux 20.1060e / 20.1070e Security Update: avalon-logkit (UTSA-2026-016681)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016681 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1070e Security Update: xstream (UTSA-2026-016761)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016761 advisory. XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on...

RockyLinux 8 : abrt (RLSA-2025:22760)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:22760 advisory. abrt: Command-injection in ABRT leading to local privilege escalation CVE-2025-12744 Tenable has extracted the preceding description block directly from the...

Linux Distros Unpatched Vulnerability : CVE-2026-8973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could ha...

Debian dla-4593 : libopenjp2-7 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4593 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4593-1 [email protected] https://www.debian.org/lts/security/...

Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016711)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016711 advisory. Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests ...

Linux Distros Unpatched Vulnerability : CVE-2026-41073

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet CSV/formula...

Linux Distros Unpatched Vulnerability : CVE-2026-43495

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: wwan: t7xx: validate portcount against message length in t7xxportenummsghandler t7xxportenummsghandler uses the modem-supplied portcount field as a loop...

Unity Linux 20.1060e / 20.1070e Security Update: nettle (UTSA-2026-016652)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016652 advisory. A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated cipherte...

Unity Linux 20.1070e Security Update: netty (UTSA-2026-016730)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016730 advisory. Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to...

Unity Linux 20.1060e / 20.1070e Security Update: ant (UTSA-2026-016647)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016647 advisory. As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them...

Unity Linux 20.1070e Security Update: wildfly-build-tools (UTSA-2026-016748)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016748 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1060e / 20.1070e Security Update: apr (UTSA-2026-016610)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016610 advisory. When aprtimeexp or aprosexptime functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be...

RockyLinux 8 : libreswan (RLSA-2023:7052)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7052 advisory. libreswan: Invalid IKEv2 REKEY proposal causes restart CVE-2023-38710 libreswan: Invalid IKEv1 Quick Mode ID causes restart CVE-2023-38711 libreswan:...

Unity Linux 20.1060e / 20.1070e Security Update: libupnp (UTSA-2026-016655)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016655 advisory. Portable UPnP SDK aka libupnp 1.12.1 and earlier allows remote attackers to cause a denial of service crash via a crafted SSDP message due to a NULL pointer...

Linux Distros Unpatched Vulnerability : CVE-2026-8843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Creating a 2dspherebucket index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that...

RockyLinux 8 : osbuild-composer (RLSA-2025:7967)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7967 advisory. golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing CVE-2025-30204 Tenable has extracted the preceding description block directly from...

PostgreSQL 14.x < 14.23 / 15.x < 15.18 / 16.x < 16.14 / 17.x < 17.10 / 18.x < 18.4 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 14 prior to 14.23, 15 prior to 15.18, 16 prior to 16.14, 17 prior to 17.10, or 18 prior to 18.4. As such, it is potentially affected by multiple vulnerabilities: - Stack buffer overflow in PostgreSQL module refint allows an unprivileged...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : PostgreSQL vulnerabilities (USN-8294-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8294-1 advisory. It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use...

Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50279)

The remote Oracle Linux 10 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50279 advisory. 6.12.0-202.76.4.3 - ptrace: slightly saner 'getdumpable' logic Linus Torvalds Orabug: 39391434 CVE-2026-46333 Tenable has extracted the preceding...

RHEL 9 : kernel (RHSA-2026:20129)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20129 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Fragnesia is a variant of Dir...

RockyLinux 9 : python-tornado (RLSA-2026:19189)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19189 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 tornado: Tornado: Cookie attribute injection due to improper handli...

Linux Distros Unpatched Vulnerability : CVE-2026-7481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allow...

Windows Defender < 4.18.26040.7 DoS (CVE-2026-45498)

The Antimalware Platform version of Microsoft Windows Defender installed on the remote Windows host is prior to 4.18.26040.7. It is, therefore, affected by a denial of service vulnerability: - Microsoft Defender Denial of Service Vulnerability. CVE-2026-45498 Note that Nessus has not tested for...

Debian dsa-6289 : openvpn - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6289 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6289-1 [email protected]...

Security Update for Windows Defender (May 2026) (CVE-2026-41091)

The Malware Protection Engine version of Microsoft Windows Defender installed on the remote Windows host is prior to 1.1.26040.8. It is, therefore, affected by a privilege escalation vulnerability: - Improper link resolution before file access 'link following' in Microsoft Defender allows an...

Linux Distros Unpatched Vulnerability : CVE-2026-6073

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allow...

Grafana Labs < 11.6.14+security-04 / 12.2.0 < 12.2.8+security-04 / 12.3.0 < 12.3.6+security-04 / 12.4.0 < 12.4.3+security-02 / 13.0.0 < 13.0.1+security-01 Multiple Vulnerabilities

The version of Grafana Labs installed on the remote host is affected by multiple vulnerabilities, including: - A broken access control flaw in the Snapshot API allows any Editor to delete dashboard snapshots, even those they have no read or write access to. CVE-2026-28380 - When using an IPv6...

Linux Distros Unpatched Vulnerability : CVE-2026-33380

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the...

Linux Distros Unpatched Vulnerability : CVE-2026-28376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to...

Linux Distros Unpatched Vulnerability : CVE-2026-28383

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user c...

Linux Distros Unpatched Vulnerability : CVE-2026-33377

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate...

Linux Distros Unpatched Vulnerability : CVE-2026-33378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impac...

Linux Distros Unpatched Vulnerability : CVE-2026-28374

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations. CVE-2026-28374 Note that...

Linux Distros Unpatched Vulnerability : CVE-2026-28379

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map...

Linux Distros Unpatched Vulnerability : CVE-2026-28380

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Any Editor could delete any snapshot, even if they have no access to read or write them. CVE-2026-28380 Note that Nessus relies on the presence of the package a...

Linux Distros Unpatched Vulnerability : CVE-2026-33376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate...

Linux Distros Unpatched Vulnerability : CVE-2026-33381

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will...

Linux Distros Unpatched Vulnerability : CVE-2026-4527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...

Linux Distros Unpatched Vulnerability : CVE-2026-6335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticate...

Linux Distros Unpatched Vulnerability : CVE-2026-8280

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...

RHEL 9 : kernel (RHSA-2026:20054)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20054 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Fragnesia is a variant of Dir...

RHEL 8 : kernel (RHSA-2026:20130)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20130 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: raw: fix ro-uniq...