338622 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-6638
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the...
Linux Distros Unpatched Vulnerability : CVE-2026-6478
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticat...
Linux Distros Unpatched Vulnerability : CVE-2026-44060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer underflow in dsiwriteinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI wri...
RockyLinux 8 : kernel (RLSA-2026:16195)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:16195 advisory. kernel: Dirty Frag is a new universal Local Privilege Escalation LPE vulnerability in the Linux kernel CVE-2026-43284 Tenable has extracted the preceding...
Linux Distros Unpatched Vulnerability : CVE-2026-8584
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to...
RHEL 9 : firefox (RHSA-2026:17687)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:17687 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
RHEL 9 : dovecot (RHSA-2026:17628)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17628 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...
Security Updates for Microsoft Office Products C2R (May 2026)
The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-40358 - Heap-based buffer overflow in Microsoft Office allows an unauthorized...
Amazon Linux 2 : microcode_ctl, --advisory ALAS2-2026-3294 (ALAS-2026-3294)
The version of microcodectl installed on the remote host is prior to 2.1-47. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3294 advisory. Improper handling of values in the microcode flow for some IntelR Processor Family may allow an escalation of privilege. Startu...
Linux Distros Unpatched Vulnerability : CVE-2026-6476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection in PostgreSQL pgcreatesubscriber allows an attacker with pgcreatesubscription rights to execute arbitrary SQL as a superuser. The attack takes...
Debian dsa-6272 : libnode-dev - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6272 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6272-1 [email protected] https://www.debian.org/securit...
Linux Distros Unpatched Vulnerability : CVE-2026-44307
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory...
Security Updates for Microsoft SQL Server (May 2026) (Remote)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. CVE-2026-40370 Note that Nessus has...
Linux Distros Unpatched Vulnerability : CVE-2026-41018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the...
Linux Distros Unpatched Vulnerability : CVE-2026-44312
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to...
Linux Distros Unpatched Vulnerability : CVE-2026-44061
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials vi...
Linux Distros Unpatched Vulnerability : CVE-2026-6477
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server...
GitLab 18.9.1 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-4524)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Authentication Bypass Using an Alternate Path or Channel in GitLab CVE-2026-4524 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
RockyLinux 8 : jq (RLSA-2026:16252)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:16252 advisory. jq: out-of-bounds read in jvparsesized on error formatting for non-NUL-terminated buffers CVE-2026-39979 jq: jq: Denial of Service via crafted JSON obje...
Debian dsa-6266 : libnghttp2-14 - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6266 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6266-1 [email protected] https://www.debian.org/security/...
Linux Distros Unpatched Vulnerability : CVE-2026-8570
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a...
Linux Distros Unpatched Vulnerability : CVE-2026-8537
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HT...
Linux Distros Unpatched Vulnerability : CVE-2026-8516
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in...
Linux Distros Unpatched Vulnerability : CVE-2026-42561
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header...
Linux Distros Unpatched Vulnerability : CVE-2026-44431
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via...
Linux Distros Unpatched Vulnerability : CVE-2026-42582
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of...
Linux Distros Unpatched Vulnerability : CVE-2026-43479
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: usb: lan78xx: fix WARN in netifnapidellocked on disconnect Remove redundant netifnapidel call from disconnect path. A WARN may be triggered in...
TencentOS Server 4: ruby (TSSA-2026:0297)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0297 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2026-8527
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a craft...
GitLab 15.7 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-6883)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Missing Authorization in GitLab CVE-2026-6883 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenabl...
Linux Distros Unpatched Vulnerability : CVE-2026-8585
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to...
Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-109 (ALASECS-2026-109)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-109 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...
Palo Alto GlobalProtect App MacOS 6.0.x < 6.0.13 / 6.2.x < 6.2.8-h10 / 6.3.x < 6.3.3-h9 Improper Certificate Validation (CVE-2026-0249)
The version of Palo Alto GlobalProtect App installed on the remote macOS host is 6.0.x prior to 6.0.13, 6.2.x prior to 6.2.8-h10, or 6.3.x prior to 6.3.3-h9. It is, therefore, affected by an improper certificate validation vulnerability: - Multiple improper certificate validation vulnerabilities ...
Unity Linux 20.1070a Security Update: git (UTSA-2026-021382)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021382 advisory. Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has clon...
Linux Distros Unpatched Vulnerability : CVE-2026-6474
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones...
Linux Distros Unpatched Vulnerability : CVE-2026-46469
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not...
Amazon Linux 2 : oci-add-hooks, --advisory ALAS2NITRO-ENCLAVES-2026-101 (ALASNITRO-ENCLAVES-2026-101)
The version of oci-add-hooks installed on the remote host is prior to 0-0.9.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-101 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow ...
Google Chrome < 148.0.7778.167 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 148.0.7778.167. It is, therefore, affected by multiple vulnerabilities as referenced in the 202605stable-channel-update-for-desktop12 advisory. - Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.16...
Linux Distros Unpatched Vulnerability : CVE-2026-8547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer...
Linux Distros Unpatched Vulnerability : CVE-2026-44071
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFYSOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote...
TencentOS Server 4: firefox (TSSA-2026:0292)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0292 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
RHEL 10 : libsoup3 (RHSA-2026:17482)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17482 advisory. Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup,...
GitLab 18.11 < 18.11.3 (CVE-2026-6335)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in GitLab CVE-2026-6335 Note that Nessus has not tested for this issue but has instead relied only on the application...
GitLab 11.10 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-6063)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Authorization Bypass Through User-Controlled Key in GitLab CVE-2026-6063 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Linux Distros Unpatched Vulnerability : CVE-2026-42946
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When...
Linux Distros Unpatched Vulnerability : CVE-2026-44053
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or...
Amazon Linux 2 : PackageKit, --advisory ALAS2-2026-3282 (ALAS-2026-3282)
The version of PackageKit installed on the remote host is prior to 1.1.5-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3282 advisory. PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro,...
Amazon Linux 2 : rust, --advisory ALAS2-2026-3296 (ALAS-2026-3296)
The version of rust installed on the remote host is prior to 1.95.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3296 advisory. Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace...
Linux Distros Unpatched Vulnerability : CVE-2026-6637
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack buffer overflow in PostgreSQL module refint allows an unprivileged database user to execute arbitrary code as the operating system user running the...
RHEL 9 : dovecot (RHSA-2026:17630)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17630 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...