AlmaLinux 8 : kernel (ALSA-2026:19666)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:19666 advisory. kernel: Fragnesia is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation LPE vulnerability in the Linux kernel...

AlmaLinux 8 : kernel-rt (ALSA-2026:19664)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:19664 advisory. kernel: Fragnesia is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation LPE vulnerability in the Linux kernel...

F5 Networks BIG-IP : BIG-IP HTTP/2 vulnerability (K000159034)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000159034 advisory. When an HTTP/2 profile and an iRule containing theHTTP::redirectorHTTP::respondcommand are configured ...

Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021670)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021670 advisory. MariaDB through 10.5.9 allows an application crash in subselectpostjoinaggr for a NULL value of aggr. Tenable has extracted the preceding description block directly...

Linux Distros Unpatched Vulnerability : CVE-2026-45754

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-45754 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

Linux Distros Unpatched Vulnerability : CVE-2026-9112

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTM...

Linux Distros Unpatched Vulnerability : CVE-2026-9123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code insid...

Linux Distros Unpatched Vulnerability : CVE-2026-45077

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45077 Note that Nessus relies on the presence of the package as reported by the vendor...

Linux Distros Unpatched Vulnerability : CVE-2026-45067

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45067 Note that Nessus relies on the presence of the package as reported by the vendor...

Multiple Node.js Modules compromised in self-spreading npm supply chain attack (mini-Shai-Hulud) (05/11/2026)

The remote host has a version of one or more Node.js modules installed known to be compromised in the self-spreading 'mini-Shai-Hulud' npm supply chain attack reported on 05/11/2026. This wave is tracked separately from the original Shai-Hulud campaign because of distinct compromised maintainers...

F5 Networks BIG-IP : BIG-IP SIP profile vulnerability (K000161023)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000161023 advisory. When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic...

F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000161018)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000161018 advisory. Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell...

Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021666)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021666 advisory. MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. Tenable has extracted the preceding...

F5 Networks BIG-IP : BIG-IP PEM iRules vulnerability (K000160875)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160875 advisory. When BIG-IP PEM iRules are configured on a virtual server iRules using commands starting...

Linux Distros Unpatched Vulnerability : CVE-2026-46635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig: Sandbox property allowlist bypass via the column filter arraycolumn on objects CVE-2026-46635 Note that Nessus relies on the presence of the package as...

F5 Networks BIG-IP : BIG-IP SSL/TLS vulnerability (K000158978)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4. It is, therefore, affected by a vulnerability as referenced in the K000158978 advisory. When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop...

F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000160981)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160981 advisory. A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker...

Linux Distros Unpatched Vulnerability : CVE-2026-9114

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network...

Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021663)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021663 advisory. MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint use-after-free when the BIGINT data type is used. Tenable has extracted the preceding...

F5 Networks BIG-IP : BIG-IP and BIG-IQ Configuration utility vulnerability (K000156761)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000156761 advisory. An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP an...

F5 Networks BIG-IP : BIG-IP APM vulnerability (K000161056)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000161056 advisory. When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause...

F5 Networks BIG-IP : BIG-IP TMM vulnerability (K000158038)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000158038 advisory. When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the...

Linux Distros Unpatched Vulnerability : CVE-2026-9122

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process...

Slackware Linux 15.0 / current rsync Multiple Vulnerabilities (SSA:2026-141-02)

The version of rsync installed on the remote host is prior to 3.4.3. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-141-02 advisory. New rsync packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...

Linux Distros Unpatched Vulnerability : CVE-2026-45063

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45063 Note that Nessus relies on the presence of the package as reported by the vendor...

F5 Networks BIG-IP : BIG-IP DNS tmsh vulnerability (K000157981)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000157981 advisory. When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell tmsh command that ma...

F5 Networks BIG-IP : BIG-IP tmsh vulnerability (K000161107)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000161107 advisory. A vulnerability exists in an undisclosed BIG-IP TMOS Shell tmsh command that may allow an authenticate...

F5 Networks BIG-IP : iControl SOAP vulnerability (K000159021)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000159021 advisory. An authenticated iControl SOAP user may be able to obtain information of other accounts. CVE-2026-3506...

F5 Networks BIG-IP : BIG-IP httpd access control vulnerability (K000156604)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000156604 advisory. When configured, IP-based access restrictions forhttpddo not cover all endpoints, which may allow...

F5 Networks BIG-IP : BIG-IP iControl SOAP vulnerability (K000160979)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160979 advisory. An authenticated attacker with the Resource Administrator or Administrator role can modify configurati...

Linux Distros Unpatched Vulnerability : CVE-2026-9111

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium...

F5 Networks BIG-IP : BIG-IP SSL vulnerability (K000158082)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000158082 advisory. When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition VE without Intel...

FreeBSD : FreeBSD -- select(2) file descriptor set overflow causes stack overflow (90fe1784-54b6-11f1-8d7a-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 90fe1784-54b6-11f1-8d7a-bc241121aa0a advisory. libcasper3 communicates with helper processes via UNIX domain sockets, and uses the select2 system call...

Linux Distros Unpatched Vulnerability : CVE-2026-45070

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45070 Note that Nessus relies on the presence of the package as reported by the vendor...

F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000156581)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000156581 advisory. Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS Shell tmsh undisclosed...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : GnuTLS vulnerabilities (USN-8284-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8284-1 advisory. Joshua Rogers discovered that GnuTLS did not properly handle malformed DTLS handshake fragments in certain cases. A remot...

F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000160863)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160863 advisory. A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticat...

FreeBSD : FreeBSD -- Remote code execution via installer Wi-Fi access point scans (039c0ab0-54b7-11f1-8d7a-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 039c0ab0-54b7-11f1-8d7a-bc241121aa0a advisory. When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : rsync vulnerabilities (USN-8283-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8283-1 advisory. Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote...

Linux Distros Unpatched Vulnerability : CVE-2026-9115

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origin policy via a craft...

Linux Distros Unpatched Vulnerability : CVE-2026-46629

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-twig - None Ubuntu Linux - Unknown description CVE-2026-46629 Note that Nessus relies on the presence of the package as reported by the vendo...

F5 Networks BIG-IP : Appliance mode iControl REST vulnerability (K000160876)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160876 advisory. When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able ...

MiracleLinux 9 : nginx:1.24 (AXSA:2026-704:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-704:01 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the MiracleLinux...

AlmaLinux 8 : libsndfile (ALSA-2026:19559)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:19559 advisory. libsndfile: integer overflow in imareaderinit CVE-2026-37555 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...

F5 Networks BIG-IP : iControl REST vulnerability (K000160903)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160903 advisory. An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information le...

Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021672)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021672 advisory. getsortbytable in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. Tenable has extracted the preceding description block...

Linux Distros Unpatched Vulnerability : CVE-2026-46628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-twig - None Ubuntu Linux - Unknown description CVE-2026-46628 Note that Nessus relies on the presence of the package as reported by the vendo...

Linux Distros Unpatched Vulnerability : CVE-2026-47730

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-47730 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021671)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021671 advisory. MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECTLEX::nestlevel is local to each VIEW. Tenable has extracted the preceding...

Photon OS 4.0: Expat PHSA-2026-4.0-1022

An update of the expat package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1022. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...