337440 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-46974
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.8. Difficult to exploi...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : ldns vulnerability (USN-8449-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8449-1 advisory. Pablo Ruiz discovered that ldns did not properly validate DNS responses when used as a stub resolver...
SUSE SLES15 Security Update : rootlesskit (SUSE-SU-2026:2452-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2452-1 advisory. This update for rootlesskit rebuilds it against the current go security release. Tenable has extracted the preceding description block...
FreeBSD : jenkins -- multiple vulnerabilities (35598415-56de-4562-959c-11fb1fd2d995)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 35598415-56de-4562-959c-11fb1fd2d995 advisory. Jenkins Security Advisory 2026-06-10: Tenable has extracted the preceding description block...
Fedora 44 : restic (2026-2290b9a9ad)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2290b9a9ad advisory. Update to 0.19.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
Linux Distros Unpatched Vulnerability : CVE-2026-56211
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC...
Fedora 44 : singularity-ce (2026-63ae478575)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-63ae478575 advisory. Upgrade to 4.4.2 upstream version. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Linux Distros Unpatched Vulnerability : CVE-2026-44587
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CarrierWave is a framework to upload files from Ruby applications. In versions prior to 2.2.7 and 3.1.3, the contenttypedenylist check fails to escape regex...
SUSE SLED15 / SLES15 Security Update : rustup (SUSE-SU-2026:2441-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2441-1 advisory. This update for rustup fixes the following issues - CVE-2026-25727: time: parsing of user-provided input by the RFC 282...
SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2026:2420-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2420-1 advisory. This update for container-suseconnect rebuilds it against the current go security release. Tenable has extracted the preceding description...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Config-IniFiles vulnerability (USN-8445-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8445-1 advisory. It was discovered that Config-IniFiles incorrectly handled the -file argument in certain situations. An attacker could possibly us...
MiracleLinux 8 : opencryptoki-3.22.0-3.el8_10.3 (AXSA:2026-797:04)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-797:04 advisory. openCryptoki: openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects CVE-2026-40253 Tenable has extracted...
Photon OS 5.0: Libsolv PHSA-2026-5.0-0886
An update of the libsolv package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0886. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
SUSE SLES16 Security Update : editorconfig-core-c (SUSE-SU-2026:22125-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:22125-1 advisory. This update for editorconfig-core-c fixes the following issue: - CVE-2026-40489: lpattern buffer overflow bsc1262131. Tenable has extracted...
SUSE SLES15 Security Update : containerized-data-importer (SUSE-SU-2026:2407-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2407-1 advisory. This update for containerized-data-importer rebuilds the current sources against latest go security release and the images against the lates...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Graphite vulnerability (USN-8444-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8444-1 advisory. It was discovered that Graphite incorrectly handled memory when running certain actions. An attacker could use this issue to cause...
Linux Distros Unpatched Vulnerability : CVE-2026-55766
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-guzzlehttp-psr7 - None CVE-2026-55766 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C...
SUSE SLED15 / SLES15 Security Update : xwayland (SUSE-SU-2026:2426-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2426-1 advisory. - CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 - Font Alias Stack-based Buffer Overflow...
Linux Distros Unpatched Vulnerability : CVE-2026-50190
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - shaarli - None Ubuntu Linux - Unknown description CVE-2026-50190 Note that Nessus relies on the presence of the package as reported by the vendor...
SUSE SLES15 Security Update : buildah (SUSE-SU-2026:2416-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2416-1 advisory. This update for buildah rebuilds it against the current go security release. Tenable has extracted the preceding description block directly...
Fedora 44 : ocserv (2026-28036f36d5)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-28036f36d5 advisory. fix pam-guard-page test Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:2405-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2405-1 advisory. - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in...
Linux Distros Unpatched Vulnerability : CVE-2026-53492
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-53492 Note that Nessus relies on the presence of the package as reported by the vendor. C Tenable, Inc...
Linux Distros Unpatched Vulnerability : CVE-2026-53488
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - containerd - None Ubuntu Linux - Unknown description CVE-2026-53488 Note that Nessus relies on the presence of the package as reported by the...
Fedora 43 : vorbis-tools (2026-cbf4cd18d1)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cbf4cd18d1 advisory. CVE-2026-34253 - fix arbitrary code execution via buffer underflow Tenable has extracted the preceding description block directly from the Fedora security...
Ubuntu 26.04 LTS : Tomcat vulnerabilities (USN-8450-1)
The remote Ubuntu 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8450-1 advisory. It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could possibly use this issue...
Linux Distros Unpatched Vulnerability : CVE-2026-22551
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs witho...
SUSE SLES12 Security Update : perl-XML-LibXML (SUSE-SU-2026:2402-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2402-1 advisory. This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing...
Linux Distros Unpatched Vulnerability : CVE-2026-46825
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily...
Linux Distros Unpatched Vulnerability : CVE-2026-48817
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the...
Linux Distros Unpatched Vulnerability : CVE-2026-48821
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting XSS vulnerability in the Thumbnail Synchronizer...
RockyLinux 10 : yggdrasil-worker-package-manager (RLSA-2026:25999)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25999 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 Tenable has extracted the preceding description block directly from...
RHEL 8 : dracut (RHSA-2026:26534)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26534 advisory. The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual...
Linux Distros Unpatched Vulnerability : CVE-2026-55202
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to...
Photon OS 5.0: Python3 PHSA-2026-5.0-0882
An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0882. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Linux Distros Unpatched Vulnerability : CVE-2026-55392
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift...
Linux Distros Unpatched Vulnerability : CVE-2026-42530
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticate...
SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:2393-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2393-1 advisory. This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String...
Fedora 43 : perl-GD (2026-63831abaee)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-63831abaee advisory. This update fixes a command injection issue resulting from the use of the 2-argument form of open CVE-2026-11526. Tenable has extracted the preceding...
RockyLinux 9 : dracut (RLSA-2026:26533)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26533 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...
Fedora 43 : perl-HTTP-Daemon (2026-f276b2154e)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f276b2154e advisory. Changes: 6.17 2026-05-19 23:11:06Z - Fix CVE-2026-8450 affects 6.15 and earlier: 2-arg open in sendfile enabled RCE / arbitrary file write / response-body...
Linux Distros Unpatched Vulnerability : CVE-2026-48818
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as...
Linux Distros Unpatched Vulnerability : CVE-2026-48988
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to quadratic On^2...
RHEL 7 : libexif (RHSA-2026:26567)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26567 advisory. The libexif packages provide a library for extracting extra information from image files. Security Fixes: libexif: libexif: Information...
RockyLinux 8 : dracut (RLSA-2026:26534)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26534 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...
Linux Distros Unpatched Vulnerability : CVE-2026-46863
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server, MySQL Cluster product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are MySQL...
Linux Distros Unpatched Vulnerability : CVE-2026-42055
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...
Linux Distros Unpatched Vulnerability : CVE-2026-47262
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - containerd image-triggered runtime DoS via unbounded group parsing CVE-2026-47262 Note that Nessus relies on the presence of the package as reported by the...
SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:2404-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2404-1 advisory. - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in...
Linux Distros Unpatched Vulnerability : CVE-2026-48823
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality ...