Ivanti Secure Access Client 22.x < 22.8R6 Multiple Vulnerabilities
The Ivanti Secure Access Client installed on the remote host is 22.x prior to 22.8R6. It is, therefore, affected by multiple vulnerabilities: - An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify...
Linux Distros Unpatched Vulnerability : CVE-2026-44240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline...
Linux Distros Unpatched Vulnerability : CVE-2026-8517
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-base (UTSA-2026-021387)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021387 advisory. GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte...
RHEL 10 : firefox (RHSA-2026:17690)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:17690 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
Linux Distros Unpatched Vulnerability : CVE-2026-7836
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attack...
Linux Distros Unpatched Vulnerability : CVE-2026-44283
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-bad-free (UTSA-2026-021396)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021396 advisory. GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte...
Linux Distros Unpatched Vulnerability : CVE-2026-8548
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform ...
Linux Distros Unpatched Vulnerability : CVE-2026-7474
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2026-8552
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted...
Debian dla-4582 : thunderbird - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4582 advisory. - Debian LTS Advisory DLA-4582-1...
Linux Distros Unpatched Vulnerability : CVE-2026-44065
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An off-by-two error in lp_write in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service...
Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3290 (ALAS-2026-3290)
The version of thunderbird installed on the remote host is prior to 140.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3290 advisory. Double-Free / Use-After-Free (UAF) in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic i...
GitLab 9.0 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-1659)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Allocation of Resources Without Limits or Throttling in GitLab CVE-2026-1659 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version numbe...
Linux Distros Unpatched Vulnerability : CVE-2026-42583
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size...
Linux Distros Unpatched Vulnerability : CVE-2026-42585
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed...
Linux Distros Unpatched Vulnerability : CVE-2026-8562
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML...
RHEL 9 : dovecot (RHSA-2026:17626)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17626 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...
Palo Alto Networks Prisma SD-WAN ION 6.3.x < 6.3.6-b10 / 6.4.x < 6.4.3-b8 / 6.5.x < 6.5.3-b15 Multiple Vulnerabilities
The version of the remote Palo Alto Networks Prisma SD-WAN ION device is 6.3.x prior to 6.3.6-b10, 6.4.x prior to 6.4.3-b8, or 6.5.x prior to 6.5.3-b15. It is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) vulnerability in Palo Alto Networks Prisma SD-WAN ION devices...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-good (UTSA-2026-021385)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021385 advisory. GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte...
Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2026-116 (ALASDOCKER-2026-116)
The version of runc installed on the remote host is prior to 1.3.4-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-116 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...
Linux Distros Unpatched Vulnerability : CVE-2026-8528
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer...
Linux Distros Unpatched Vulnerability : CVE-2026-42581
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting...
Linux Distros Unpatched Vulnerability : CVE-2026-6575
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer over-read in PostgreSQL function pg_restore_attribute_stats accepts array values of unmatched length, which causes query planning to read past end of one...
Linux Distros Unpatched Vulnerability : CVE-2026-8576
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-good (UTSA-2026-021394)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021394 advisory. GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...
Linux Distros Unpatched Vulnerability : CVE-2026-44073
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid, which may allow a remote authenticated attacker to retain...
Security Updates for Microsoft Word Products C2R (May 2026)
The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. CVE-2026-40361, CVE-2026-40366 - Access of resource using incompatible type 'type...
Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-058 (ALASFIREFOX-2026-058)
The version of firefox installed on the remote host is prior to 140.10.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-058 advisory. Double-Free / Use-After-Free (UAF) in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic...
Linux Distros Unpatched Vulnerability : CVE-2026-8533
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perfo...
Amazon Linux 2 : rclone, --advisory ALAS2-2026-3285 (ALAS-2026-3285)
The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3285 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC...
Linux Distros Unpatched Vulnerability : CVE-2026-8535
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to...
Amazon Linux 2 : python-lxml, --advisory ALAS2-2026-3297 (ALAS-2026-3297)
The version of python-lxml installed on the remote host is prior to 3.2.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3297 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the...
Linux Distros Unpatched Vulnerability : CVE-2026-44931
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in...
Security Updates for Microsoft Windows Admin Center (May 2026)
The Microsoft Windows Admin Center installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. CVE-2026-35438 - Improper access...
Unity Linux 20.1070a Security Update: git (UTSA-2026-021308)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021308 advisory. Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals...
Security Update for Microsoft .NET Core (May 2026)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory. - A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-base (UTSA-2026-021386)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021386 advisory. GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte...
Linux Distros Unpatched Vulnerability : CVE-2026-44066
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain...
Linux Distros Unpatched Vulnerability : CVE-2026-8571
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to...
Linux Distros Unpatched Vulnerability : CVE-2026-43489
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: liveupdate: luo_file: remember retrieve status LUO keeps track of successful retrieve attempt...
Linux Distros Unpatched Vulnerability : CVE-2026-8514
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a...
Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-117 (ALASDOCKER-2026-117)
The version of runfinch-finch installed on the remote host is prior to 1.17.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-117 advisory. SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination ...
Linux Distros Unpatched Vulnerability : CVE-2026-8199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear...
Linux Distros Unpatched Vulnerability : CVE-2026-43476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) instead of the intended __be32 element size 4...
Linux Distros Unpatched Vulnerability : CVE-2026-40701
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to on or optional, and the ssl_ocs...
Security Update for Microsoft .NET Core SDK (May 2026)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory. - A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who...
GitLab 13.7 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-3160)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Unintended Proxy or Intermediary 'Confused Deputy' in GitLab CVE-2026-3160 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Linux Distros Unpatched Vulnerability : CVE-2026-8544
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...