Devolutions Server <= 2026.1.21 / 2026.2.0 <= 2026.2.5 Multiple Vulnerabilities (DEVO-2026-0017)

The version of Devolutions Server installed on the remote host is prior or equal to 2026.1.21 or 2026.2.0 prior or equal to 2026.2.5. It is, therefore, affected by multiple vulnerabilities, including: - Improper access control in PAM account discovery results in Devolutions Server 2026.2.5,...

RHEL 8 : firefox (RHSA-2026:26630)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26630 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Siemens RuggedCom Rox Integer Underflow (Wrap or Wraparound) (CVE-2019-14199)

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a netprocessreceivedpacket integer underflow during an udppackethandler call. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...

Libheif 1.19.x < 1.23.0 DoS (macOS)

According to its self-reported version, libheif on the remote host is affected by a denial of service vulnerability. A crafted HEIF sequence file can cause libheif to perform unbounded heap allocation due to a missing bound check in the stsz fixed-size mode of the HEIF sequence parser, leading to...

Mattermost Server 10.11.x < 10.11.14 / 11.4.x < 11.4.4 / 11.5.x < 11.5.2 Vulnerability (MMSA-2026-00597)

The version of Mattermost Server installed on the remote host is affected by a vulnerability: - Mattermost fails to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate...

Siemens RuggedCom Rox Uncontrolled Recursion (CVE-2025-9714)

Uncontrolled recursion inXPath evaluationin libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...

Mattermost Desktop 5.13.x < 5.13.6 / 6.x < 6.2.0 Multiple Vulnerabilities (MMSA-2026-00651 / MMSA-2026-00652)

The version of Mattermost Desktop installed on the remote host is affected by multiple vulnerabilities: - Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23037)

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: allow partial RX URB allocation to succeed When es58xallocrxurbs fails to allocate the requested number of URBs but succeeds in allocating some, it returns an error code. This causes es58xopen to return early,...

Siemens (CVE-2025-49794)

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

Debian dsa-6350 : firefox-esr - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6350 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6350-1 [email protected] https://www.debian.org/securit...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23228)

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of activenumconn in ksmbdtcpnewconnection On kthreadrun failure in ksmbdtcpnewconnection, the transport is freed via freetransport, which does not decrement activenumconn, leaking this counter. Replace...

Siemens SIMATIC S7-1500 TM MFP NULL Pointer Dereference (CVE-2026-28390)

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

RockyLinux 9 : 389-ds-base (RLSA-2026:26455)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26455 advisory. 389-ds-base: 389-ds-base: unbounded LDAP controls count in getldapmessagecontrolsext causes CPU and heap amplification remote DoS CVE-2026-9064 Bug Fixes and...

Siemens RUGGEDCOM RST2428P Stack-based Buffer Overflow (CVE-2025-69720)

The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyzestring in progs/infocmp.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Mattermost Server 10.11.x < 10.11.16 / 11.5.x < 11.5.5 / 11.6.x < 11.6.2 Multiple Vulnerabilities (MMSA-2026-00616 / MMSA-2026-00649 / MMSA-2026-00655 / MMSA-2026-00656 / MMSA-2026-00661 / MMSA-2026-00662 / MMSA-2026-00665)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities: - Mattermost fails to require role-management authorization when setting the schemeadmin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40262)

In the Linux kernel, the following vulnerability has been resolved: Input: imxsckey - fix memory corruption on unload This is supposed to be priv but we accidentally pass &priv which is an address in the stack and so it will lead to memory corruption when the imxsckeyaction function is called...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23032)

In the Linux kernel, the following vulnerability has been resolved: nullblk: fix kmemleak by releasing references to fault configfs items When CONFIGBLKDEVNULLBLKFAULTINJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeoutinject, requeueinject, and...

Linux Distros Unpatched Vulnerability : CVE-2026-12445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially...

ImageMagick 7.x < 7.1.2-24 Heap Buffer Over-write (CVE-2026-48724)

The remote host has a version of ImageMagick 7.x installed that is prior to 7.1.2-24. It is, therefore, affected by a heap buffer over-write vulnerability: - When using an image with mask the Floyd-Steinberg dithering method will cause a negative heap buffer over-write. CVE-2026-48724 Note that...

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2026-24515)

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit...

Linux Distros Unpatched Vulnerability : CVE-2026-12318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12318 Note that Nessu...

RockyLinux 8 : libxml2 (RLSA-2026:26354)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26354 advisory. libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c CVE-2024-34459 Tenable has extracted the preceding description block directly from the RockyLin...

Bosch Security Systems IP Cameras Uncontrolled Resource Consumption (CVE-2021-23852)

An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service DoS. This plugin only works with Tenable.ot. Please visit...

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 / Liberty 17.0.0.3 < 26.0.0.7 (7276579)

The version of IBM WebSphere Application Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7276579 advisory. - IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling. A remote attacker could...

RHEL 7 : 389-ds-base (RHSA-2026:26453)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26453 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server a...

RHEL 9 : 389-ds-base (RHSA-2026:26455)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26455 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server a...

Bosch Security Systems IP Cameras Cross-site Scripting (CVE-2021-23848)

An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting XSS in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user. This plugin only works with...

Photon OS 5.0: Libssh2 PHSA-2026-5.0-0857

An update of the libssh2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0857. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Squid vulnerabilities (USN-8435-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8435-1 advisory. It was discovered that Squid incorrectly handled FTP gateway processing under certain circumstances, which could result i...

Linux Distros Unpatched Vulnerability : CVE-2026-12444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from...

Photon OS 5.0: Coredns PHSA-2026-5.0-0869

An update of the coredns package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0869. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

openSUSE 16 Security Update : python-python-dotenv (openSUSE-SU-2026:20952-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20952-1 advisory. This update for python-python-dotenv fixes the following issue: - CVE-2026-28684: Prior to version 1.2.2, setkey and unsetkey in python-dotenv follow...

RHEL 8 : 389-ds:1.4 (RHSA-2026:26459)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26459 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server a...

Linux Distros Unpatched Vulnerability : CVE-2026-12003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate...

Linux Distros Unpatched Vulnerability : CVE-2026-12457

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Extensions. CVE-2026-12457 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900...

ConnectWise ScreenConnect < 26.2 Improper Input Validation (CVE-2026-11596)

According to its version, the ConnectWise ScreenConnect remote access software installed on the remote host is prior to 26.2. It is, therefore, affected by an improper input validation vulnerability: - Input validation within the Host Pass creation functionality could allow an authenticated user...

Linux Distros Unpatched Vulnerability : CVE-2026-53612

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Local Privilege Escalation via TOCTOU in mount8 hookowner.c chmod/chown CVE-2026-53612 Note that Nessus relies o...

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 (7276597)

The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7276597 advisory. - IBM WebSphere Application Server could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications. CWE:...

Fedora 44 : nextcloud (2026-86fab2703b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-86fab2703b advisory. 33.0.5 Release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

RHEL 9 : firefox (RHSA-2026:26492)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26492 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Linux Distros Unpatched Vulnerability : CVE-2026-12452

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted...

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.28 RCE (7276560)

The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7276560 advisory. - IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, when using Intelligent Management with the...

Fedora 43 : nextcloud (2026-cb3feafe41)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cb3feafe41 advisory. 33.0.5 Release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Bosch Security Systems IP Cameras Cross-Site Request Forgery (CVE-2021-23849)

A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user CSRF - Cross Site Request Forgery. This requires the victim to be tricked into clicking a malicious link or opening a malicious website while bei...

Linux Distros Unpatched Vulnerability : CVE-2026-12466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

Oracle Linux 8 : rsync (ELSA-2026-26408)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26408 advisory. - Integer overflow in compressed-token decoding CVE-2026-43618 Tenable has extracted the preceding description block directly from the Oracle Linux...

Linux Distros Unpatched Vulnerability : CVE-2026-12440

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a...

Photon OS 4.0: Python3 PHSA-2026-4.0-1018

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1018. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Ubuntu 20.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-8439-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8439-1 advisory. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission chec...

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2026-32776)

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-...