338622 matches found
RHEL 9 : PackageKit (RHSA-2026:18024)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18024 advisory. PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architectu...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-021477)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021477 advisory. A flaw was found in GLib, which is vulnerable to an integer overflow in the gstringinsertunichar function. When the position at which to insert the character is larg...
MantisBT 2.26.1 < 2.28.2 Private Issue Monitoring Authorization Bypass (GHSA-ggw7-9675-6v4v)
The version of MantisBT installed on the remote host is 2.26.1 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT has an authorization bypass in private issue monitoring. CVE-2026-34579 Note that Nessus has not tested for this issue but has instead relied only...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-021481)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021481 advisory. A flaw was found in glib. Missing validation of offset and count parameters in the gbufferedinputstreampeek function can lead to an integer overflow during length...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-021480)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021480 advisory. A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the...
AlmaLinux 9 : libpng (ALSA-2026:18028)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:18028 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 Tenable has extracted the preceding description block directly from th...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: bind (UTSA-2026-021471)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021471 advisory. If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: bwa (UTSA-2026-021486)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021486 advisory. BWA aka Burrow-Wheeler Aligner before 2019-01-23 has a stack-based buffer overflow in the bnsrestore function in bntseq.c via a long sequence name in a .alt file...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-021478)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021478 advisory. A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer,...
MantisBT 2.23.0 < 2.28.2 Private Bugnote Attachment Content Leak (GHSA-pw5x-2mf9-3xc8)
The version of MantisBT installed on the remote host is 2.23.0 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT has a Private Bugnote Attachment Content Leak via REST API. CVE-2026-42071 Note that Nessus has not tested for this issue but has instead relied...
MiracleLinux 8 : libtiff-4.0.9-37.el8_10 (AXSA:2026-631:04)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-631:04 advisory. libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 Tenable has extracted the...
TencentOS Server 3: perl:5.32 (TSSA-2026:0325)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0325 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
MantisBT 1.3.0 < 2.28.2 Move Attachments Admin Page Stored XSS (GHSA-7mqj-8gj2-cg59)
The version of MantisBT installed on the remote host is 1.3.0 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT has Stored XSS on Move Attachments Admin Page. CVE-2026-44655 Note that Nessus has not tested for this issue but has instead relied only on the...
RHEL 10 : nginx (RHSA-2026:18063)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18063 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
RockyLinux 9 : ruby:3.3 (RLSA-2026:18030)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18030 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the RockyLinux...
Linux Distros Unpatched Vulnerability : CVE-2026-6402
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: google-oauth-java-client (UTSA-2026-021484)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021484 advisory. The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xnio (UTSA-2026-021490)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021490 advisory. A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows...
Apache Airflow < 3.2.0 Multiple Vulnerabilities
The version of Apache Airflow installed on the remote host is prior to 3.2.0. It is, therefore, affected by multiple vulnerabilities, including: - DAG authors who normally should not be able to execute code in the webserver context can craft an XCom payload causing the webserver to execute...
Alibaba Cloud Linux 3 : 0110: java-1.8.0-openjdk (ALINUX3-SA-2026:0110)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0110 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-22007: No description is availabl...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-021475)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021475 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers wher...
RHEL 9 : jq (RHSA-2026:18043)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18043 advisory. jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-021470)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021470 advisory. Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libarchive (UTSA-2026-021482)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021482 advisory. A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can explo...
Debian dla-4589 : libnginx-mod-http-auth-pam - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4589 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4589-1 [email protected]...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-cryptography (UTSA-2026-021489)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021489 advisory. A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges,...
Linux Distros Unpatched Vulnerability : CVE-2026-23926
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated non-super administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that...
Ivanti Virtual Traffic Manager (vTM) < 22.9R4 OS Command Injection (CVE-2026-8051)
The version of Ivanti Virtual Traffic Manager vTM running on the remote host is prior to 22.9R4. It is, therefore, affected by an OS command injection vulnerability: - OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-021467)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021467 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads toa...
MantisBT < 2.28.2 Multiple Vulnerabilities
The version of MantisBT installed on the remote host is prior to 2.28.2. It is, therefore, affected by multiple vulnerabilities: - MantisBT is vulnerable to Privilege Escalation from Manager to Administrator. CVE-2026-34390 - MantisBT is vulnerable to Authorization Bypass in Bugnote Editing via...
RHEL 8 : jq (RHSA-2026:18048)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:18048 advisory. jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or...
MantisBT 2.11.0 < 2.28.2 Font Family Preference XSS (GHSA-j3v9-553h-x28j)
The version of MantisBT installed on the remote host is 2.11.0 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference. CVE-2026-40596 Note that Nessus has not tested for...
Alibaba Cloud Linux 3 : 0102: openssh (ALINUX3-SA-2026:0102)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0102 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-35385: In OpenSSH before 10.3, a...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.6 (RHSA-2026:18054)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18054 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...
TencentOS Server 3: nodejs:20 (TSSA-2026:0327)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0327 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: jtidy (UTSA-2026-021487)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021487 advisory. An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...
RHEL 10 : grafana-pcp (RHSA-2026:18027)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:18027 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...
Alibaba Cloud Linux 3 : 0105: xorg-x11-server-Xwayland (ALINUX3-SA-2026:0105)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0105 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-33999: A flaw was found in the...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: vim (UTSA-2026-021495)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021495 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens ...
Alibaba Cloud Linux 3 : 0111: golang (ALINUX3-SA-2026:0111)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0111 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-27140: SWIG file names containing...
Alibaba Cloud Linux 3 : 0107: vim (ALINUX3-SA-2026:0107)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0107 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-34982: Vim is an open source, command line...
Alibaba Cloud Linux 3 : 0103: sudo (ALINUX3-SA-2026:0103)
The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2026:0103 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-35535: In Sudo through 1.9.17p2 before...
MiracleLinux 9 : freerdp-2.11.7-1.el9_7.7 (AXSA:2026-628:18)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-628:18 advisory. freerdp: FreeRDP: Denial of service due to use-after-free vulnerability CVE-2026-25952 freerdp: FreeRDP: Denial of Service via double free...
RHEL 8 : jq (RHSA-2026:18047)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:18047 advisory. jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-021476)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021476 advisory. gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4CONNMSGLEN is not sufficient for a trailing '\0'...
RHEL 10 : ruby (RHSA-2026:18065)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18065 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management...
MantisBT 1.0.0 < 2.28.2 Dynamic Custom Textarea Field Reflected XSS (GHSA-j7v9-f46r-2rp4)
The version of MantisBT installed on the remote host is 1.0.0 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field. CVE-2026-41897 Note that Nessus has not tested for this issue but has...
RHEL 9 : jq (RHSA-2026:18042)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18042 advisory. jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or...
Alibaba Cloud Linux 3 : 0109: xorg-x11-server (ALINUX3-SA-2026:0109)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0109 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-33999: A flaw was found in the...
RHEL 9 : PackageKit (RHSA-2026:18031)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18031 advisory. PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architectu...