338622 matches found
GitLab 13.7 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-3160)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Unintended Proxy or Intermediary 'Confused Deputy' in GitLab CVE-2026-3160 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Linux Distros Unpatched Vulnerability : CVE-2026-8544
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
AlmaLinux 9 : gimp (ALSA-2026:16484)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:16484 advisory. gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image CVE-2026-4887 gimp: GIMP: Remote Code Execution via XPM File Parsing...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-base (UTSA-2026-021388)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021388 advisory. GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...
Linux Distros Unpatched Vulnerability : CVE-2026-8561
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium...
Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-015 (ALASGIMP-2026-015)
The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2GIMP-2026-015 advisory. A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing ...
Linux Distros Unpatched Vulnerability : CVE-2026-8522
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromiu...
Linux Distros Unpatched Vulnerability : CVE-2026-42338
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape...
Linux Distros Unpatched Vulnerability : CVE-2026-43487
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, causing random system freezes. The...
Linux Distros Unpatched Vulnerability : CVE-2026-43916
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read ...
Oracle Linux 8 : krb5 (ELSA-2026-16799)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-16799 advisory. 1.18.2-34.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.18.2-34 - Fix NegoEx parsing vulnerabilities CVE-2026-40355, CVE-2026-40356...
TencentOS Server 4: nginx (TSSA-2026:0279)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0279 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Vim < 9.2.0450 Heap Buffer Overflow (GHSA-q4jv-r9gj-6cwv)
The version of Vim installed on the remote host is prior to 9.2.0450. It is, therefore, affected by a vulnerability as referenced in the GHSA-q4jv-r9gj-6cwv advisory. - An integer overflow in the readcompound function within src/spellfile.c produces a heap buffer overflow when processing maliciou...
Linux Distros Unpatched Vulnerability : CVE-2026-8573
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted...
Linux Distros Unpatched Vulnerability : CVE-2026-44544
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current...
TencentOS Server 3: kernel (TSSA-2026:0316)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0316 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2026-46470
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxaudiocaps function does not...
Linux Distros Unpatched Vulnerability : CVE-2026-43482
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - schedext: Disable preemption between scxclaimexit and kicking helper work scxclaimexit atomically sets exitkind, which prevents scxerror from triggering further...
RedShift JDBC Driver < 2.2.2 Arbitrary Class Loading (CVE-2026-8178)
The Amazon Redshift JDBC Driver installed on the remote host is prior to 2.2.2. It is, therefore, affected by a flaw that could allow the driver to load and execute arbitrary classes when processing JDBC connection URL parameters. Under certain conditions, an actor able to influence the connectio...
Linux Distros Unpatched Vulnerability : CVE-2026-8577
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2026-42584
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with ...
Unity Linux 20.1070a Security Update: git (UTSA-2026-021355)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021355 advisory. Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals...
Linux Distros Unpatched Vulnerability : CVE-2026-8519
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted...
Linux Distros Unpatched Vulnerability : CVE-2026-8052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad's exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink...
Unity Linux 20.1070a Security Update: git (UTSA-2026-021384)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021384 advisory. Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files...
Linux Distros Unpatched Vulnerability : CVE-2026-8388
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11,...
Fedora 44 : nix (2026-65ce3da435)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-65ce3da435 advisory. - update to 2.34.7: fixes high GHSA-vh5x-56v6-4368 and moderate GHSA-gr92-w2r5-qw5p -...
Linux Distros Unpatched Vulnerability : CVE-2026-44058
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth...
Linux Distros Unpatched Vulnerability : CVE-2026-8553
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds...
Linux Distros Unpatched Vulnerability : CVE-2026-8557
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege...
Linux Distros Unpatched Vulnerability : CVE-2026-8526
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...
Fedora 44 : freerdp (2026-1c8efcc330)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1c8efcc330 advisory. Update to 3.26.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
RHEL 10 : osbuild-composer (RHSA-2026:17686)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17686 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50271)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50271 advisory. - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache Jeff Layton Orabug: 39362036 CVE-2026-31402 - net/sched: Only allow actct to bind to...
Unity Linux 20.1070a Security Update: git (UTSA-2026-021356)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021356 advisory. Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process...
Linux Distros Unpatched Vulnerability : CVE-2026-8580
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2026-46446
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in...
GitLab 18.8 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-7471)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Server-Side Request Forgery SSRF in GitLab CVE-2026-7471 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 809...
Linux Distros Unpatched Vulnerability : CVE-2026-6475
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Symlink following in PostgreSQL pgbasebackup plain format and in pgrewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc,...
Linux Distros Unpatched Vulnerability : CVE-2026-8520
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium...
Linux Distros Unpatched Vulnerability : CVE-2026-6473
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gdk-pixbuf2 (UTSA-2026-021389)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021389 advisory. A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color compone...
Debian dsa-6267 : thunderbird - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6267 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6267-1 [email protected]...
Linux Distros Unpatched Vulnerability : CVE-2026-40460
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass ...
Amazon Linux 2 : opencryptoki, --advisory ALAS2-2026-3283 (ALAS-2026-3283)
The version of opencryptoki installed on the remote host is prior to 3.7.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3283 advisory. openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to...
TencentOS Server 4: python-lxml (TSSA-2026:0288)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0288 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2026-42579
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domai...
JetBrains TeamCity <= 2025.11.4 Privilege Escalation (CVE-2026-44413)
The version of JetBrains TeamCity installed on the remote host is 2025.11.4 or prior. It is, therefore, affected by a post-authentication privilege escalation vulnerability that may allow any authenticated user, including standard or guest accounts, to expose some parts of the TeamCity server API...
Linux Distros Unpatched Vulnerability : CVE-2026-8559
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write...
Linux Distros Unpatched Vulnerability : CVE-2026-8567
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted...