338622 matches found
Zabbix 6.0.x < 6.0.45 / 7.0.x < 7.0.24 / 7.4.x < 7.4.8 XSS (ZBX-27760)
The version of Zabbix Server installed on the remote host is prior to 6.0.45, 7.0.24, 7.4.8. It is, therefore, affected by a stored cross-site scripting XSS vulnerability. The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML displ...
RHEL 9 : nginx:1.26 (RHSA-2026:17753)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17753 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
Linux Distros Unpatched Vulnerability : CVE-2026-43904
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0...
Fedora 44 : dnsmasq (2026-ac5cceec13)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ac5cceec13 advisory. Update to 2.92rel2 2.92 point release incorporating fixes for: - CVE-2026-2291 - CVE-2026-4890 - CVE-2026-4891 - CVE-2026-4892 - CVE-2026-4893 -...
Linux Distros Unpatched Vulnerability : CVE-2026-8669
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Imager versions through 1.030 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. Imager::File::GIF's ireadgifmultilow allocates a...
FreeBSD : mail/mailpit -- multiple vulnerabilities (6e701ad2-4f61-11f1-af6d-10ffe07f9334)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6e701ad2-4f61-11f1-af6d-10ffe07f9334 advisory. Mailpit author reports: Set a default 50MB per message limit to prevent DoS via unlimited SMTP...
FreeBSD : py-setuptools -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (690144e9-4f88-11f1-982e-00a098b42aeb)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 690144e9-4f88-11f1-982e-00a098b42aeb advisory. https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf reports: setuptools is a...
Linux Distros Unpatched Vulnerability : CVE-2026-43906
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0...
Linux Distros Unpatched Vulnerability : CVE-2026-44637
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer...
RHEL 9 : nginx (RHSA-2026:17792)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17792 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
Fedora 42 : firefox (2026-c62259888c)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c62259888c advisory. - New upstream release 150.0.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...
Linux Distros Unpatched Vulnerability : CVE-2026-44662
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipherupdate,...
RHEL 9 : nginx (RHSA-2026:17794)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17794 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
Amazon Linux 2023 : cuda-toolkit (ALAS2023NVIDIA-2026-278)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-278 advisory. NVIDIA CUDA Toolkit contains a vulnerability in command cuobjdump where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may le...
Microsoft 365 Copilot < 19.2604.43111.0 Spoofing (CVE-2026-41614)
The Windows 'Microsoft 365 Copilot' app formerly known as 'Microsoft 365 Office' installed on the remote host is prior to 19.2604.43111.0. It is, therefore, affected by a spoofing vulnerability: - Improper access control in Microsoft 365 Copilot for Desktop allows an unauthorized attacker to...
Fedora 44 : perl-Net-CIDR-Lite (2026-6f3d2d0d82)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6f3d2d0d82 advisory. This update addresses some input validation issues: Reject Unicode digits and trailing newlines in parser inputs CVE-2026-45190 Reject zero-padded...
RHEL 9 : nginx:1.24 (RHSA-2026:17752)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17752 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
SAP NetWeaver AS ABAP Code Injection (3735359)
The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a code injection vulnerability as referenced in SAP Security Note 3735359: - A code injection vulnerability exists in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform. An authenticated attacker with low...
Oracle Linux 8 : gimp:2.8 (ELSA-2026-17533)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-17533 advisory. - fix CVE-2026-4150 - fix CVE-2026-4153 - fix CVE-2026-4154 - fix CVE-2026-4887 - fix CVE-2026-0797 - fix CVE-2026-2044 - fix CVE-2026-2045 - fix...
Siemens Solid Edge Multiple File Parsing Vulnerabilities (SSA-921111)
The version of Siemens Solid Edge installed on the remote Windows host is SE2026 prior to V226.0 Update 5. It is, therefore, affected by multiple file parsing vulnerabilities: - The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An...
Oracle Linux 7 : vim (ELSA-2026-6617)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6617 advisory. - Security update CVE-2026-25749 CVE-2026-28417 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
Debian dsa-6277 : libopenjp2-7 - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6277 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6277-1 [email protected] https://www.debian.org/security/...
Linux Distros Unpatched Vulnerability : CVE-2026-43903
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0...
Linux Distros Unpatched Vulnerability : CVE-2026-44638
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixeldecoderaw a...
RHEL 9 : nginx:1.24 (RHSA-2026:17793)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17793 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-103 (ALASKERNEL-5.15-2026-103)
The version of kernel installed on the remote host is prior to 5.15.204-143.231. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-103 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag...
SAP NetWeaver AS ABAP OS Command Injection (3730019)
The version of SAP NetWeaver AS ABAP detected on the remote host is affected by an OS command injection vulnerability as referenced in SAP Security Note 3730019: - An OS command injection vulnerability exists in SAP NetWeaver Application Server for ABAP and ABAP Platform. An authenticated attacke...
Next.js Framework 13.x < 15.5.16 / 16.x < 16.2.5 XSS
The Next.js Framework on the remote host is affected by a cross-site scripting vulnerability: - Applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escaped safely before...
Linux Distros Unpatched Vulnerability : CVE-2026-43907
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0...
Fedora 42 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-38623b4fed)
The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-38623b4fed advisory. nginx-mod-vts: - Rebuild for 1.30.1 nginx-mod-fancyindex: - Rebuild for 1.30.1 nginx-mod-naxsi: - Rebuild for 1.30.1 nginx-mod-headers-more: - Rebui...
Linux Distros Unpatched Vulnerability : CVE-2026-43490
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: validate inherited ACE SID length smbinheritdacl walks the parent directory DACL loaded from the security descriptor xattr. It verifies that each ACE...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-119 (ALASKERNEL-5.10-2026-119)
The version of kernel installed on the remote host is prior to 5.10.253-252.1016. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-119 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag...
Linux Distros Unpatched Vulnerability : CVE-2026-44673
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libyang is a YANG data modeling language library. Prior to SO 5.2.15, lybreadstring in src/parserlyb.c contains an integer overflow that results in a heap buffe...
RockyLinux 8 : rsync (RLSA-2026:17481)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:17481 advisory. rsync: Rsync: Use-after-free vulnerability in extended attribute handling CVE-2026-41035 Tenable has extracted the preceding description block directly from the...
Next.js Framework 15.4.x < 15.5.16 / 16.x < 16.2.5 Authorization Bypass
The Next.js Framework on the remote host is affected by an authorization bypass vulnerability: - Applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. Specially crafted query parameters can alter the dynamic route value seen by the page while...
Debian dsa-6276 : ffmpeg - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-6276 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6276-1 [email protected] https://www.debian.org/security/ Moritz...
RHEL 10 : nginx (RHSA-2026:17790)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17790 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
Amazon Linux 2 : kernel, --advisory ALAS2-2026-3307 (ALAS-2026-3307)
The version of kernel installed on the remote host is prior to 4.14.355-282.729. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3307 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker...
Nessus Network Monitor < 6.5.4 Multiple Vulnerabilities (TNS-2026-14)
According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.5.4. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-14 advisory. - An integer overflow can be triggered in SQLite's concatws function. The resulting,...
Fedora 43 : kernel (2026-03be3dc34b)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-03be3dc34b advisory. The 7.0.8 stable kernel update contains a fix for the keysign-pwn vulnerability CVE-2026-46333 as well as a mitigation for one more code path of fragnesia...
Debian dsa-6274 : ata-modules-6.12.74+deb13+1-armmp-di - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6274 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6274-1 [email protected] https://www.debian.org/securit...
Fedora 42 : kernel (2026-8b4a8d18d2)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8b4a8d18d2 advisory. The 6.19.14-104 kernel update contains a fix for the keysign-pwn vulnerability CVE-2026-46333 as well as a mitigation for one more code path of fragnesia. --...
Linux Distros Unpatched Vulnerability : CVE-2026-46333
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'getdumpable' logic The 'dumpability' of a task is fundamentally abou...
Debian dsa-6275 : affs-modules-6.1.0-44-4kc-malta-di - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-6275 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6275-1 [email protected] https://www.debian.org/security/...
Fedora 44 : kernel (2026-2aeb7d033a)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2aeb7d033a advisory. The 7.0.8 stable kernel update contains a fix for the keysign-pwn vulnerability CVE-2026-46333 as well as a mitigation for one more code path of fragnesia...
Fedora 44 : rsync (2026-75599531db)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-75599531db advisory. Fixing various bugs from Upstream. I did not do a rebase since the Upstream stopped supporting the rsync-patches repo. I accepted this change in Rawhide but ...
Linux Distros Unpatched Vulnerability : CVE-2026-43905
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0...
Fedora 42 : chromium (2026-67a2a7275d)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-67a2a7275d advisory. Update to 148.0.7778.96 CVE-2026-7896: Integer overflow in Blink CVE-2026-7897: Use after free in Mobile CVE-2026-7898: Use after free in Chromoting...
Next.js Framework 13.4.x < 15.5.16 / 16.x < 16.2.5 Stored XSS
The Next.js Framework on the remote host is affected by a stored cross-site scripting vulnerability: - App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derived from...
Debian dsa-6273 : chromium - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6273 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6273-1 [email protected]...