GitLab 11.9 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-1184)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Deserialization of Untrusted Data in GitLab CVE-2026-1184 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Security Updates for Microsoft Visual Studio Products (May 2026)
The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 - A tampering vulnerability exists when .NET Core improperl...
Linux Distros Unpatched Vulnerability : CVE-2026-8550
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially...
TencentOS Server 4: LibRaw (TSSA-2026:0233)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0233 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2026-8530
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially...
Linux Distros Unpatched Vulnerability : CVE-2026-8538
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to...
Linux Distros Unpatched Vulnerability : CVE-2026-44061
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials vi...
Linux Distros Unpatched Vulnerability : CVE-2026-7474
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability...
Palo Alto GlobalProtect App MacOS 6.0.x < 6.0.13 / 6.2.x < 6.2.8-h10 / 6.3.x < 6.3.3-h9 Improper Certificate Validation (CVE-2026-0249)
The version of Palo Alto GlobalProtect App installed on the remote macOS host is 6.0.x prior to 6.0.13, 6.2.x prior to 6.2.8-h10, or 6.3.x prior to 6.3.3-h9. It is, therefore, affected by an improper certificate validation vulnerability: - Multiple improper certificate validation vulnerabilities ...
Unity Linux 20.1070a Security Update: git (UTSA-2026-021382)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021382 advisory. Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has clon...
Linux Distros Unpatched Vulnerability : CVE-2026-8585
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to...
Linux Distros Unpatched Vulnerability : CVE-2026-8390
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3. CVE-2026-8390 Note that Nessus relies on the presence ...
Photon OS 4.0: Systemd PHSA-2026-4.0-1014
An update of the systemd package has been released. © Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1014. The text itself is copyright © VMware, Inc.
Linux Distros Unpatched Vulnerability : CVE-2026-8548
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform ...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-base (UTSA-2026-021387)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021387 advisory. GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte...
RHEL 10 : firefox (RHSA-2026:17690)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:17690 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
Linux Distros Unpatched Vulnerability : CVE-2026-44216
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly table contained checked arithmet...
Linux Distros Unpatched Vulnerability : CVE-2026-42585
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed...
RHEL 9 : openexr (RHSA-2026:17660)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17660 advisory. OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents ...
Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3288 (ALAS-2026-3288)
The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3288 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-base (UTSA-2026-021406)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021406 advisory. GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affect...
Linux Distros Unpatched Vulnerability : CVE-2026-8053
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memor...
Linux Distros Unpatched Vulnerability : CVE-2026-43961
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - vim - None Ubuntu Linux - Unknown description CVE-2026-43961 Note that Nessus relies on the presence of the package as reported by the vendor...
Linux Distros Unpatched Vulnerability : CVE-2026-43826
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the fu...
GitLab 18.3 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-3607)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Access Control Check Implemented After Asset is Accessed in GitLab CVE-2026-3607 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
FreeBSD : Gitlab -- vulnerabilities (b3cb8f40-4f4c-11f1-80f1-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b3cb8f40-4f4c-11f1-80f1-2cf05da270f3 advisory. Gitlab reports: Cross-site Scripting issue in Analytics dashboard chart rendering impacts GitL...
Linux Distros Unpatched Vulnerability : CVE-2026-42580
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int,...
TencentOS Server 4: redis (TSSA-2026:0218)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0218 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2026-8512
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to...
Linux Distros Unpatched Vulnerability : CVE-2026-8581
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
Amazon Linux 2 : python3-tornado, --advisory ALAS2-2026-3287 (ALAS-2026-3287)
The version of python3-tornado installed on the remote host is prior to 5.0.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3287 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to...
GitLab 17.10 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-1338)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Authorization Bypass Through User-Controlled Key in GitLab CVE-2026-1338 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
TencentOS Server 4: cups (TSSA-2026:0276)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0276 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2026-8201
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and cryptshare...
Linux Distros Unpatched Vulnerability : CVE-2026-44054
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial o...
RHEL 8 : gimp:2.8 (RHSA-2026:17533)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17533 advisory. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox,...
Linux Distros Unpatched Vulnerability : CVE-2026-42859
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An...
Palo Alto GlobalProtect App 6.0.x < 6.0.13 / 6.2.x < 6.2.8-h10 / 6.3.x < 6.3.3-h9 Multiple Vulnerabilities
The version of Palo Alto GlobalProtect App installed on the remote host is 6.0.x prior to 6.0.13, 6.2.x prior to 6.2.8-h10, or 6.3.x prior to 6.3.3-h9. It is, therefore, affected by multiple vulnerabilities: - A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that...
GitLab 8.3 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-8280)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Allocation of Resources Without Limits or Throttling in GitLab CVE-2026-8280 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version numbe...
Linux Distros Unpatched Vulnerability : CVE-2026-8511
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromiu...
Linux Distros Unpatched Vulnerability : CVE-2026-44075
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUAN...
Amazon Linux 2023 : cuda (ALAS2023NVIDIA-2025-013)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-013 advisory. NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A...
Linux Distros Unpatched Vulnerability : CVE-2026-43901
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier,...
Linux Distros Unpatched Vulnerability : CVE-2026-44060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer underflow in dsi_writeinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI wri...
Unity Linux 20.1070a Security Update: git (UTSA-2026-021309)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021309 advisory. Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals...
Linux Distros Unpatched Vulnerability : CVE-2026-8584
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to...
Linux Distros Unpatched Vulnerability : CVE-2026-6476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes...
RHEL 9 : firefox (RHSA-2026:17687)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:17687 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
Amazon Linux 2 : microcode_ctl, --advisory ALAS2-2026-3294 (ALAS-2026-3294)
The version of microcode_ctl installed on the remote host is prior to 2.1-47. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3294 advisory. Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startu...
Linux Distros Unpatched Vulnerability : CVE-2026-44919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...