Linux Distros Unpatched Vulnerability : CVE-2026-45624

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a...

Linux Distros Unpatched Vulnerability : CVE-2026-9150

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian...

Linux Distros Unpatched Vulnerability : CVE-2026-9149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted .solv file containing negative size valu...

RockyLinux 10 : java-25-openjdk (RLSA-2026:9693)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:9693 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improved Arena allocations CVE-2026-22008 JDK: Improve Kerberos credentialing CVE-2026-22013...

Unity Linux 20.1060e / 20.1070e Security Update: gnome-autoar (UTSA-2026-016654)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016654 advisory. autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it...

RockyLinux 10 : openssh (RLSA-2026:13380)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13380 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...

Linux Distros Unpatched Vulnerability : CVE-2026-45359

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid...

Linux Distros Unpatched Vulnerability : CVE-2026-46523

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can...

RockyLinux 9 : openssh (RLSA-2026:13381)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13381 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...

RockyLinux 9 : openssh (RLSA-2026:6462)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6462 advisory. openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables CVE-2026-3497 Tenable has extracted the preceding description...

Linux Distros Unpatched Vulnerability : CVE-2026-45305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45305 Note that Nessus relies on the presence of the package as reported by the vendor...

Linux Distros Unpatched Vulnerability : CVE-2026-8969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8969 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-8952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8952 Note that Nessus relies...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : PostgreSQL vulnerabilities (USN-8294-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8294-1 advisory. It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use...

Linux Distros Unpatched Vulnerability : CVE-2026-8948

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8948 Note that Nessus reli...

PostgreSQL 14.x < 14.23 / 15.x < 15.18 / 16.x < 16.14 / 17.x < 17.10 / 18.x < 18.4 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 14 prior to 14.23, 15 prior to 15.18, 16 prior to 16.14, 17 prior to 17.10, or 18 prior to 18.4. As such, it is potentially affected by multiple vulnerabilities: - Stack buffer overflow in PostgreSQL module refint allows an unprivileged...

Linux Distros Unpatched Vulnerability : CVE-2026-8963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8963 Note that Nessus relies on the presen...

Linux Distros Unpatched Vulnerability : CVE-2026-8964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8964 Note that Nessus relies on the...

AlmaLinux 8 : firefox (ALSA-2026:19588)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:19588 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 CVE-2026-7323 firefox: thunderbird: Information disclosure due...

Linux Distros Unpatched Vulnerability : CVE-2026-41888

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the...

Unity Linux 20.1060e / 20.1070e Security Update: PackageKit (UTSA-2026-016629)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016629 advisory. PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable ...

RockyLinux 8 : osbuild-composer (RLSA-2025:7967)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7967 advisory. golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing CVE-2025-30204 Tenable has extracted the preceding description block directly from...

Linux Distros Unpatched Vulnerability : CVE-2026-8945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151. CVE-2026-8945 Note that Nessus relies on the presence of t...

Linux Distros Unpatched Vulnerability : CVE-2026-8959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird...

Keycloak < 26.6.2 Multiple Vulnerabilities

Keycloak versions installed prior to 26.6.2 are affected by multiple vulnerabilities, including: - A flaw was found in Keycloak's redirect URI validation logic. An attacker can bypass validation to redirect users to malicious sites, potentially leading to phishing attacks and credential theft...

Debian dsa-6288 : thunderbird - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6288 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6288-1 [email protected]...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-nokogiri (UTSA-2026-016661)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016661 advisory. Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE...

Linux Distros Unpatched Vulnerability : CVE-2026-8971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8971 Note that Nessus reli...

Linux Distros Unpatched Vulnerability : CVE-2026-8951

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151. CVE-2026-8951 Note that Nessus relies on the presen...

Linux Distros Unpatched Vulnerability : CVE-2026-8973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could ha...

Linux Distros Unpatched Vulnerability : CVE-2026-46627

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-twig - None Ubuntu Linux - Unknown description CVE-2026-46627 Note that Nessus relies on the presence of the package as reported by the vendo...

FreeBSD : FreeBSD -- Missing validation in ptrace(PT_SC_REMOTE) (6c96da5e-54b6-11f1-8d7a-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6c96da5e-54b6-11f1-8d7a-bc241121aa0a advisory. ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls...

Linux Distros Unpatched Vulnerability : CVE-2026-45068

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45068 Note that Nessus relies on the presence of the package as reported by the vendor...

F5 Networks BIG-IP : Appliance mode iControl REST vulnerability (K000160911)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160911 advisory. When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl...

Linux Distros Unpatched Vulnerability : CVE-2026-9119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HT...

Linux Distros Unpatched Vulnerability : CVE-2021-47952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSO...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenVPN vulnerabilities (USN-8286-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8286-1 advisory. Guannan Wang, Zhanpeng Liu, Guancheng Li, and Emma Reuter discovered that OpenVPN incorrectly handled suitably malformed...

Linux Distros Unpatched Vulnerability : CVE-2026-9116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to leak cross-origin data via a crafted...

F5 Networks BIG-IP : BIG-IP DTLS vulnerability (K000160901)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160901 advisory. When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server,...

Ubuntu 25.10 : GStreamer Good Plugins vulnerability (USN-8285-1)

The remote Ubuntu 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8285-1 advisory. It was discovered that GStreamer Good Plugins incorrectly handled certain MOV/MP4 media files. A remote attacker could use this issue to cause GStreamer Good Plugins ...

MiracleLinux 9 : ruby:3.3 (AXSA:2026-706:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-706:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the...

F5 Networks BIG-IP : BIG-IP SSL Orchestrator vulnerability (K000149743)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000149743 advisory. A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated...

F5 Networks BIG-IP : BIG-IP FastL4 virtual server vulnerability (K000160862)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160862 advisory. When embedded Packet Velocity Acceleration ePVA acceleration is configured, undisclosed local ethernet...

Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021665)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021665 advisory. MariaDB before 10.6.5 has a sqllex.cc integer overflow, leading to an application crash. Tenable has extracted the preceding description block directly from the Unit...

F5 Networks BIG-IP : iControl REST vulnerability (K000160916)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160916 advisory. A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at leas...

F5 Networks BIG-IP : Appliance mode iControl REST vulnerability (K000160857)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160857 advisory. When running in Appliance mode, an authenticated remote command injection vulnerability exists in an...

TencentOS Server 4: kernel (TSSA-2026:0334)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0334 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

MiracleLinux 9 : kernel-5.14.0-611.54.6.el9_7 (AXSA:2026-692:35)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-692:35 advisory. kernel: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-46300 kernel: ptrace: require CAPSYSPTRACE when task has no ...

RHEL 8 : kernel (RHSA-2026:20051)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20051 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Fragnesia is a variant of Dir...

RHEL 9 : kernel-rt (RHSA-2026:19875)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19875 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...