337440 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-48818
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. A UNC path such as...
Linux Distros Unpatched Vulnerability : CVE-2026-48988
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to quadratic O(n^2)...
RHEL 7 : libexif (RHSA-2026:26567)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26567 advisory. The libexif packages provide a library for extracting extra information from image files. Security Fixes: libexif: libexif: Information...
RockyLinux 8 : dracut (RLSA-2026:26534)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26534 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...
Linux Distros Unpatched Vulnerability : CVE-2026-46863
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server, MySQL Cluster product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are MySQL...
Linux Distros Unpatched Vulnerability : CVE-2026-42055
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...
Linux Distros Unpatched Vulnerability : CVE-2026-47262
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - containerd image-triggered runtime DoS via unbounded group parsing CVE-2026-47262 Note that Nessus relies on the presence of the package as reported by the...
SUSE SLED15 / SLES15 Security Update : alloy (SUSE-SU-2026:2438-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2438-1 advisory. This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v...
SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:2404-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2404-1 advisory. - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify (bsc#1266357). - CVE-2026-42766: Possible NULL Dereference in...
Linux Distros Unpatched Vulnerability : CVE-2026-48823
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the tag filtering functionality ...
Fedora 45 : docker-buildx (2026-33cccee12b)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-33cccee12b advisory. Automatic update for docker-buildx-0.35.0-1.fc45. Changelog Thu Jun 18 2026 Bradley G Smith - 0.35.0-1 - Update to release v0.35.0 - Resolves:...
Fedora 45 : docker-buildkit (2026-c6481c190e)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c6481c190e advisory. Automatic update for docker-buildkit-0.31.0-1.fc45. Changelog Wed Jun 17 2026 Bradley G Smith - 0.31.0-1 - Update to release v0.31.0 - Resolve...
RHEL 8 / 9 : Satellite 6.16.9 Async Update (Important) (RHSA-2026:27076)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27076 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessi...
SUSE SLES12 Security Update : kernel (SUSE-SU-2026:2450-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2450-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-10263:...
MiracleLinux 8 : libpng12-1.2.57-7.el8_10 (AXSA:2026-793:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-793:02 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 Tenable has extracted the preceding description block directly fro...
MiracleLinux 8 : libxslt-1.1.32-6.4.el8_10 (AXSA:2026-796:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-796:02 advisory. libxslt: use-after-free with key data stored cross-RVT CVE-2025-10911 Tenable has extracted the preceding description block directly from the MiracleLinux...
SUSE SLES16 Security Update : kernel (SUSE-SU-2026:22127-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22127-1 advisory. The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: -...
AlmaLinux 9 : podman (ALSA-2026:26447)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:26447 advisory. crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32281 crypto/tls: golang: Go crypto/tls:...
Debian dla-4634 : libnginx-mod-http-auth-pam - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4634 advisory. Debian LTS Advisory DLA-4634-1 https://www.debian.org/lts/security/...
SUSE SLES16 Security Update : kernel (SUSE-SU-2026:22099-1)
The remote SUSE Linux SLES16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22099-1 advisory. The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2026-23254:...
RHCOS 4 : OpenShift Container Platform 4.16.64 (RHSA-2026:25043)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25043 advisory. - net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Note that Nessus has not tested for this issue but has instead...
Linux Distros Unpatched Vulnerability : CVE-2026-46877
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily...
SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2026:2428-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2428-1 advisory. - CVE-2026-44988: Fixed missing validation of rectangle width in tight gradient decoding can lead to server-triggered out-of-bounds write (bsc#1266459)...
Fedora 43 : perl-Net-Statsd (2026-9a8f233b8f)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9a8f233b8f advisory. Metric names and values are now validated to ensure they do not contain characters below ASCII 32 including newlines, colon : or pipe | characters that might...
SUSE SLES15 Security Update : shim (SUSE-SU-2026:0741-2)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0741-2 advisory. shim is updated to version 16.1: - shimstartimage: fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix...
Photon OS 5.0: Jq PHSA-2026-5.0-0885
An update of the jq package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0885. The text itself is copyright (C) VMware, Inc.
Linux Distros Unpatched Vulnerability : CVE-2026-52910
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. 0 The repro sets up a UDP reuseport group with a cBPF pr...
Ubuntu 16.04 LTS : Dolibarr vulnerability (USN-8448-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8448-1 advisory. It was discovered that Dolibarr incorrectly handled user-supplied database name values during installation. A remote attacker could possibly use this issue to...
Linux Distros Unpatched Vulnerability : CVE-2026-43994
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm. A uint16_t...
Photon OS 5.0: Samba PHSA-2026-5.0-0886
An update of the samba package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0886. The text itself is copyright (C) VMware, Inc.
SUSE SLES12 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:2408-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2408-1 advisory. - CVE-2026-8450: Fixed OS command injection via sendfile (bsc#1266370). Tenable has extracted the preceding description block directly from the SUSE...
Linux Distros Unpatched Vulnerability : CVE-2026-56131
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free...
RockyLinux 10 : dracut (RLSA-2026:26532)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26532 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...
Linux Distros Unpatched Vulnerability : CVE-2026-46768
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily...
Linux Distros Unpatched Vulnerability : CVE-2026-55748
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some...
SUSE SLES15 Security Update : wireshark (SUSE-SU-2026:2437-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2437-1 advisory. This update for wireshark fixes the following issues - CVE-2026-5405: RDP dissector crash (bsc#1263767). - CVE-2026-5656: Profile impo...
FreeBSD : Routinator -- CWE-20 Improper Input Validation (40edfb37-6a59-11f1-bf61-3c7c3fba4204)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 40edfb37-6a59-11f1-bf61-3c7c3fba4204 advisory. https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49234.txt reports: When sending a specifically...
SUSE SLES15 Security Update : frr (SUSE-SU-2026:2457-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2457-1 advisory. This update for frr fixes the following issue: - CVE-2026-5107: Fixed an improper access controls in EVPN Type-2 Route Handler...
Linux Distros Unpatched Vulnerability : CVE-2026-40528
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value function in src/pkcs15init/profile.c tha...
Linux Distros Unpatched Vulnerability : CVE-2026-11525
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the...
SUSE SLES15 Security Update : buildah (SUSE-SU-2026:2415-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2415-1 advisory. This update for buildah rebuilds it against the current go security release. Tenable has extracted the preceding description block directly...
Linux Distros Unpatched Vulnerability : CVE-2026-40510
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history in src/libopensc/card-piv.c that allows...
Fedora 45 : rust-bon / rust-bon-macros / rust-openssl / rust-openssl-sys / etc (2026-14941c1cf3)
The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-14941c1cf3 advisory. - Update the openssl crate to version 0.10.81 and the openssl-sys crate to version 0.9.117. - Update the zeroize crate to version 1.9.0 and the zeroize_derive...
Fedora 43 : chromium (2026-40cf884ac9)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-40cf884ac9 advisory. Update to 149.0.7827.114 CVE-2026-12007: Use after free Core CVE-2026-12008: Use after free DigitalCredentials CVE-2026-12009: Insufficient validati...
Linux Distros Unpatched Vulnerability : CVE-2026-33244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP...
Linux Distros Unpatched Vulnerability : CVE-2026-6733
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an...
SUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2026:2399-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2399-1 advisory. This update for openssl-1_0_0 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String...
SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:2397-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2397-1 advisory. This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String...
Linux Distros Unpatched Vulnerability : CVE-2026-48979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP Standard Library (PSL) is a set of APIs covering async, collections, networking, I/O, cryptography, terminal UI, etc. In versions 6.1.0, 6.1.1 and 6.2.0, the...
RHEL 7 : firefox (RHSA-2026:26551)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26551 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...