Linux Distros Unpatched Vulnerability : CVE-2026-50269

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker- controlled input included into multipart/payload...

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2026-1893)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1893 advisory. A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2026-1880)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1880 advisory. Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrad...

RHEL 10 : .NET 9.0 (RHSA-2026:28009)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28009 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

Linux Distros Unpatched Vulnerability : CVE-2026-54278

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to ...

Linux Distros Unpatched Vulnerability : CVE-2026-12804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of...

Amazon Linux 2023 : mariadb-connector-c, mariadb-connector-c-config, mariadb-connector-c-devel (ALAS2023-2026-1873)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1873 advisory. An application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injection...

Linux Distros Unpatched Vulnerability : CVE-2026-12725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing...

RHEL 10 : .NET 8.0 (RHSA-2026:28007)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28007 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

Debian dla-4640 : mediawiki - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4640 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4640-1 [email protected]...

Amazon Linux 2023 : perl-IO-Compress, perl-IO-Compress-tests (ALAS2023-2026-1825)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1825 advisory. IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19...

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2026-1897)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1897 advisory. Fixed CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-53489, CVE-2026-47262 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that...

RHEL 9 : osbuild-composer (RHSA-2026:27712)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27712 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...

Amazon Linux 2023 : python3-jwt, python3-jwt+crypto (ALAS2023-2026-1842)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1842 advisory. PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate u...

Amazon Linux 2 : python-urllib3, --advisory ALAS2-2026-3377 (ALAS-2026-3377)

The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3377 advisory. urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level...

Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1886)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1886 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...

Amazon Linux 2023 : soci-snapshotter (ALAS2023-2026-1884)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1884 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...

Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-133 (ALASDOCKER-2026-133)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2026-133 advisory. Fixed CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-53489, CVE-2026-47262 Tenable has extracted the preceding...

Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-130 (ALASDOCKER-2026-130)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-130 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsi...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1882)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1882 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: mm: fix VA-range sanity check CVE-2023-53989 In the Linux kernel, the following vulnerability has been resolved:...

Amazon Linux 2 : python3-urllib3, --advisory ALAS2-2026-3376 (ALAS-2026-3376)

The version of python3-urllib3 installed on the remote host is prior to 1.25.6-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3376 advisory. urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-leve...

SUSE SLED15 / SLES15 Security Update : python313 (SUSE-SU-2026:2464-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2464-1 advisory. This update for python313 fixes the following issues Security issues: - CVE-2026-1502: HTTP client proxy tunne...

Amazon Linux 2023 : aspnetcore-runtime-10.0, aspnetcore-runtime-dbg-10.0, aspnetcore-targeting-pack-10.0 (ALAS2023-2026-1867)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1867 advisory. Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an...

Linux Distros Unpatched Vulnerability : CVE-2026-6653

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-122 (ALASKERNEL-5.10-2026-122)

The version of kernel installed on the remote host is prior to 5.10.255-253.1013. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2026-122 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego...

Linux Distros Unpatched Vulnerability : CVE-2026-54283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form accepts maxfields and maxpartsize to bound resource consumption while...

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1863)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1863 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 In the Linux kernel, the following vulnerability has...

RHEL 8 : firefox (RHSA-2026:27717)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:27717 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Amazon Linux 2023 : perl-Unicode-LineBreak (ALAS2023-2026-1831)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1831 advisory. Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters such as...

Autodesk Revit 2024 < 2024.3.5 / 2025 < 2025.4.5 / 2026 < 2026.4.1 / 2027 < 2027.1 DoS (adsk-sa-2026-0007)

The version of Autodesk Revit installed on the remote host is 2024 prior to 2024.3.5, 2025 prior to 2025.4.5, 2026 prior to 2026.4.1, or 2027 prior to 2027.1. It is, therefore, affected by a denial of service vulnerability: - A maliciously crafted RFA file, when converted to FormIt via 'Convert R...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-106 (ALASKERNEL-5.15-2026-106)

The version of kernel installed on the remote host is prior to 5.15.208-145.238. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2026-106 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-125 (ALASKERNEL-5.4-2026-125)

The version of kernel installed on the remote host is prior to 5.4.302-224.474. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2026-125 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego...

Amazon Linux 2023 : perl-GD (ALAS2023-2026-1890)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1890 advisory. command injection via 2-arg open in makefilehandle CVE-2026-11526 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not test...

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1826)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1826 advisory. When writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. as per:...

RHEL 8 : poppler (RHSA-2026:27727)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27727 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppl...

Fedora 44 : vips (2026-b9f00ad1b7)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b9f00ad1b7 advisory. - update to v8.18.3 - enable uhdr - fix several security issues Tenable has extracted the preceding description block directly from the Fedora...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-123 (ALASKERNEL-5.10-2026-123)

The version of kernel installed on the remote host is prior to 5.10.258-257.1041. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-123 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: fix zswap writeback race...

Amazon Linux 2 : kernel, --advisory ALAS2-2026-3380 (ALAS-2026-3380)

The version of kernel installed on the remote host is prior to 4.14.355-284.735. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3380 advisory. In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlinknscapable check for peer...

Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2026-126 (ALASECS-2026-126)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.34.13.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2026-126 advisory. A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A...

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2026-1879)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1879 advisory. go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during...

Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1866)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1866 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroupstoragegetnextkey CVE-2026-45838 In the Linux kernel, the following vulnerability ha...

Amazon Linux 2 : cri-tools, --advisory ALAS2-2026-3385 (ALAS-2026-3385)

The version of cri-tools installed on the remote host is prior to 1.32.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3385 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Tenable has extract...

Linux Distros Unpatched Vulnerability : CVE-2026-54282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because...

RHEL 8 : webkit2gtk3 (RHSA-2026:27785)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27785 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

Fedora 43 : python-scrapy (2026-9a7f59fa7c)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9a7f59fa7c advisory. updated to latest version for F43 and F44 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1840)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1840 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...

Amazon Linux 2023 : jxl-pixbuf-loader, libjxl, libjxl-devel (ALAS2023-2026-1828)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1828 advisory. Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc. CVE-2025-70103 Tenable has extracted the preceding...

Amazon Linux 2 : perl-DBI, --advisory ALAS2-2026-3361 (ALAS-2026-3361)

The version of perl-DBI installed on the remote host is prior to 1.627-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3361 advisory. DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The...

SUSE SLES15 Security Update : ldns (SUSE-SU-2026:2461-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2461-1 advisory. This update for ldns fixes the following issue - CVE-2026-10846: When ldns is used by applications for stub resolving, it does not...

Linux Distros Unpatched Vulnerability : CVE-2026-54274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads,...