Palo Alto Prisma Access Agent 25.x / 26.x < 26.2.1 Authentication Bypass (CVE-2026-0247)
The version of Palo Alto Networks Prisma Access Agent installed on the remote host is 25.x or 26.x prior to 26.2.1. It is, therefore, affected by an authentication bypass vulnerability: - Multiple authorization bypass vulnerabilities in the Endpoint DLP component allow a local attacker to bypass...
Debian dla-4585 : firewall-applet - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4585 advisory. Debian LTS Advisory DLA-4585-1 https://www.debian.org/lts/security/...
Linux Distros Unpatched Vulnerability : CVE-2026-43909
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0...
Next.js Framework 15.2.x < 15.5.16 / 16.x < 16.2.5 Authorization Bypass
The Next.js Framework on the remote host is affected by an authorization bypass vulnerability: - App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affecte...
Linux Distros Unpatched Vulnerability : CVE-2026-43908
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-33814)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33814 advisory. - When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing...
Next.js Framework 12.2.x < 15.5.16 / 16.x < 16.2.5 Information Disclosure
The Next.js Framework on the remote host is affected by an information disclosure vulnerability: - Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /next/data//.json requests...
Microsoft Visual Studio Code < 1.119.1 Multiple Vulnerabilities
The version of Microsoft Visual Studio Code installed on the remote host is prior to 1.119.1. It is, therefore, affected by multiple vulnerabilities, including: - Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio...
Fedora 43 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-fb53cb4d67)
The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-fb53cb4d67 advisory. nginx-mod-brotli: - Rebuild for 1.30.1 nginx-mod-vts: - Rebuild for 1.30.1 nginx-mod-modsecurity: - Rebuild for 1.30.1 nginx-mod-fancyindex: - Rebui...
Security Updates for Azure Connected Machine Agent < 1.64 (May 2026)
The Microsoft Azure Connected Machine Agent installation on the remote host is missing security updates. It is, therefore, affected by an elevation of privilege vulnerability: - Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
SAP NetWeaver AS ABAP SQL Injection (3724838)
The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a SQL injection vulnerability as referenced in SAP Security Note 3724838: - A SQL injection vulnerability exists in SAP S/4HANA SAP Enterprise Search for ABAP. An authenticated attacker with low privileges could explo...
Photon OS 5.0: Protobuf PHSA-2026-5.0-0849
An update of the protobuf package has been released.
Ivanti Endpoint Manager < 2024 SU6 Multiple Vulnerabilities
The version of Ivanti Endpoint Manager running on the remote host is prior to 2024 SU6. It is, therefore, affected by multiple vulnerabilities: - An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access...
MiracleLinux 9 : kernel-5.14.0-611.54.1.el9_7 (AXSA:2026-615:34)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-615:34 advisory. kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state CVE-2026-23136 kernel: Linux kernel: Use-after-free in...
Traefik 2.x < 2.11.46 / 3.x < 3.6.17 / 3.7.x < 3.7.1 Authentication Bypass (CVE-2026-44774)
The version of Traefik installed on the remote macOS host is 2.x prior to 2.11.46, 3.x prior to 3.6.17, or 3.7.x prior to 3.7.1. It is, therefore, affected by an authentication bypass vulnerability: - The Kubernetes Gateway API provider accepts any TraefikService backend reference whose name ends...
Microsoft Dynamics 365 (on-premises) < 9.1.45.11 Multiple RCE (May 2026)
The Microsoft Dynamics 365 on-premises is missing security updates. It is, therefore, affected by multiple remote code execution vulnerabilities: - Improper control of generation of code ('code injection') in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a...
RHEL 9 : nginx (RHSA-2026:17791)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17791 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
Linux Distros Unpatched Vulnerability : CVE-2026-8503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurel...
Cisco Catalyst SD-WAN Controller Authentication Bypass (cisco-sa-sdwan-rpa2-v69WY2SW)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an...
RHEL 10 : kernel (RHSA-2026:17795)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17795 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Dirty Frag is a new universal Local...
Adobe Substance 3D Sampler <= 5.1.3 Arbitrary Code Execution (APSB26-54)
The version of Adobe Substance 3D Sampler installed on the remote host is prior or equal to 5.1.3. It is, therefore, affected by a heap-based buffer overflow vulnerability as referenced in the APSB26-54 advisory. - Substance3D - Sampler versions 5.1.3 and earlier are affected by a Heap-based Buff...
Debian dla-4584 : openssh-client - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4584 advisory. Debian LTS Advisory DLA-4584-1...
MiracleLinux 9 : thunderbird-140.10.0-1.el9_7.ML.1 (AXSA:2026-616:11)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-616:11 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-122 (ALASKERNEL-5.4-2026-122)
The version of kernel installed on the remote host is prior to 5.4.302-224.471. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2026-122 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag...
Adobe Substance 3D Painter <= 12.0.2 Multiple Vulnerabilities (APSB26-55)
The version of Adobe Substance 3D Painter installed on the remote host is prior or equal to 12.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-55 advisory. - Substance3D - Painter versions 12.0.2 and earlier are affected by an Out-of-bounds Write...
FreeBSD : www/nginx -- Remote Code Execution/DoS (3414ac89-4f9f-11f1-a1c0-0050569f0b83)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3414ac89-4f9f-11f1-a1c0-0050569f0b83 advisory. nginx development team reports: When using the proxy_set_body directive, an attacker might injec...
Linux Distros Unpatched Vulnerability : CVE-2026-6811
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances whe...
Security Updates for Microsoft .NET Framework (May 2026)
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Note that Nessus has not tested...
Spring Framework 5.3.x < 5.3.48 / 6.1.x < 6.1.27 / 6.2.x < 6.2.18 / 7.0.x < 7.0.7 Multiple DoS
The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.48, 6.1.x prior to 6.1.27, 6.2.x prior to 6.2.18, or 7.0.x prior to 7.0.7. It is, therefore, affected by multiple vulnerabilities: - A WebFlux server application that processes multipart requests creates temp files...
SAP NetWeaver AS ABAP Reflected XSS (3728690)
The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a reflected cross-site scripting (XSS) vulnerability as referenced in SAP Security Note 3728690: - A reflected cross-site scripting (XSS) vulnerability exists in SAP NetWeaver Application Server ABAP Applications based on...
Linux Distros Unpatched Vulnerability : CVE-2026-44636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation si...
Security Updates for Microsoft Dynamics 365 Business Central (May 2026) (CVE-2026-40417)
The Microsoft Dynamics 365 Business Central install is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability: - Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally. CVE-2026-40417 Note that Nessus...
Amazon Linux 2023 : cuda (ALAS2023NVIDIA-2026-279)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-279 advisory. NVIDIA CUDA Toolkit contains a vulnerability in command cuobjdump where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may le...
Linux Distros Unpatched Vulnerability : CVE-2026-43996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0...
Siemens Teamcenter PDF.js Arbitrary Code Execution (SSA-827383)
The version of Siemens Teamcenter installed on the remote host is affected by a vulnerability: - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. CVE-2024-4367 Note that Nessus has not tested for this issue but has...
Fedora 42 : uriparser (2026-593d463bbf)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-593d463bbf advisory. Update to uriparser-1.0.1. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
IBM App Connect Enterprise Information Disclosure (7272270)
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Adobe Substance 3D Designer <= 15.1.0 Multiple Vulnerabilities (APSB26-52)
The version of Adobe Substance 3D Designer installed on the remote host is prior or equal to 15.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-52 advisory. - Substance3D - Designer versions 15.1.0 and earlier are affected by a Server-Side Request Forgery...
Microsoft Azure Monitor Agent < 1.14.0 Elevation of Privilege (CVE-2026-32204)
The version of Microsoft Azure Monitor Agent installed on the remote host is prior to 1.14.0. It is, therefore, affected by an elevation of privilege vulnerability: - External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. An...
Open WebUI < 0.9.5 Multiple Vulnerabilities
The version of Open WebUI running on the remote host is prior to 0.9.5. It is, therefore, affected by multiple vulnerabilities: - An insecure direct object reference (IDOR) vulnerability in the retrieval API allows any authenticated user who knows a private knowledge base UUID to bypass access...
Zabbix 7.0.x < 7.0.24 / 7.4.x < 7.4.8 XSS (ZBX-27758)
The version of Zabbix Server installed on the remote host is prior to 7.0.24, 7.4.8. It is, therefore, affected by a stored cross-site scripting (XSS) vulnerability. An authenticated non-super administrator can create a maintenance period with a JavaScript payload that is executed by any user that...
Microsoft Visual Studio Code Live Preview Extension < 0.4.19 Path Traversal (CVE-2026-41612)
The Microsoft Visual Studio Code Live Preview Extension installed on the remote host is prior to 0.4.19. It is, therefore, affected by a path traversal vulnerability: - Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. CVE-2026-41612 No...
Microsoft Power Automate for Desktop < 2.68.237.26118 Information Disclosure (May 2026)
The version of Microsoft Power Automate for desktop installed on the remote Windows host is prior to 2.68.237.26118. It is, therefore, affected by an information disclosure vulnerability: - Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker ...
Palo Alto Prisma Access Agent 24.x / 25.x / 26.x < 26.2.1 Multiple Vulnerabilities
The version of Palo Alto Networks Prisma Access Agent installed on the remote host is 24.x, 25.x, or 26.x prior to 26.2.1. It is, therefore, affected by multiple vulnerabilities: - Multiple information disclosure vulnerabilities allow a local user to access sensitive configuration data and...
Fedora 44 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-094eb13bb1)
The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-094eb13bb1 advisory. nginx-mod-fancyindex: - Rebuild for 1.30.1 nginx-mod-headers-more: - Rebuild for 1.30.1 nginx-mod-naxsi: - Rebuild for 1.30.1 nginx-mod-js-challenge...
Zoom Rooms < 7.0.0 Untrusted Search Path (ZSB-26008)
The version of Zoom Rooms installed on the remote host is prior to 7.0.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-26008 advisory. - Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an...
RHEL 9 : nginx (RHSA-2026:17751)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17751 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
Linux Distros Unpatched Vulnerability : CVE-2026-42327
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from...
Golang 1.25.x < 1.25.10 / 1.26.x < 1.26.3 Multiple Vulnerabilities
The version of Golang running on the remote host is 1.25.x prior to 1.25.10, or 1.26.x prior to 1.26.3. It is, therefore, affected by multiple vulnerabilities, including: - The net package's LookupCNAME function could trigger a double-free crash when using the cgo DNS resolver with very long CNAM...
FreeBSD : PostgreSQL -- Multiple vulnerabilities (7185ecc9-4fb7-11f1-bc50-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7185ecc9-4fb7-11f1-bc50-6cc21735f730 advisory. The PostgreSQL project reports: Missing authorization in PostgreSQL CREATE TYPE allows an obje...