Bosch Security Systems IP Cameras Improper Input Validation (CVE-2023-39509)

A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Linux Distros Unpatched Vulnerability : CVE-2026-12468

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a...

RHEL 10 : 389-ds-base (RHSA-2026:26457)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26457 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server...

Oracle Linux 8 : libxslt (ELSA-2026-26355)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26355 advisory. 1.1.32-6.4.0.1 - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball 1.1.32-6.4 - Fix CVE-2025-10911 RHEL-171739 Tenable has extracted...

RHEL 10 : valkey (RHSA-2026:26540)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26540 advisory. Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists,...

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 (7276600)

The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7276600 advisory. - IBM WebSphere Application Server is vulnerable to server-side request forgery SSRF with the Ajax Proxy configured. This may allow an attacker to send...

MiracleLinux 8 : dotnet9.0-9.0.118-1.el8_10 (AXSA:2026-790:10)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-790:10 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...

Linux Distros Unpatched Vulnerability : CVE-2026-12320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12320 Note that Nessus relie...

Linux Distros Unpatched Vulnerability : CVE-2026-8484

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow vulnerability exists in the Jansi JNI ioctl wrapper due to a lack of size verification for the argument array before the system call. Thi...

Linux Distros Unpatched Vulnerability : CVE-2026-12443

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

RockyLinux 9 : webkit2gtk3 (RLSA-2026:25927)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25927 advisory. webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2026-28946 webkitgtk: Processing maliciously crafted we...

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2026-8479)

IEC 60870-5-104 used in bidirectional mode is vulnerable to a NULL pointer dereference; if a specially crafted sequence of messages is sent for a certain time, this causes Denial of Service impact. Product is only affected if IEC 60870-5-104 functionality in bidirectional mode BCI is configured...

Linux Distros Unpatched Vulnerability : CVE-2026-12463

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to...

RHEL 8 : 389-ds:1.4 (RHSA-2026:26454)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26454 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server a...

RockyLinux 8 : webkit2gtk3 (RLSA-2026:25918)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25918 advisory. webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2026-28946 webkitgtk: Processing maliciously crafted we...

Fortra GoAnywhere Managed File Transfer (MFT) < 7.10.0 Multiple Vulnerabilities

According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote host is prior to 7.10.0. It is, therefore, affected by multiple vulnerabilities, including: - The login limit is not enforced on the SFTP service if the Web User is configured...

MinIO RELEASE.2022-07-24T01-54-52Z < RELEASE.2026-04-14T21-32-45Z Path Traversal (CVE-2026-42600)

The version of MinIO installed on the remote host is RELEASE.2022-07-24T01-54-52Z or later but prior to RELEASE.2026-04-14T21-32-45Z. It is, therefore, affected by a path traversal vulnerability: - A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a...

Fedora 43 : ack (2026-45190a3b6b)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-45190a3b6b advisory. Update to version 3.10.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

MiracleLinux 8 : postfix-3.5.8-8.el8_10 (AXSA:2026-789:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-789:01 advisory. postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 Tenable has extracted the preceding description block directly from the MiracleLin...

Linux Distros Unpatched Vulnerability : CVE-2026-12447

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...

Linux Distros Unpatched Vulnerability : CVE-2026-6009

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution RCE, potentially allowing code execution on the affected system...

FreeBSD : chromium -- security fixes (cffe1232-e4b3-4c72-8b4c-6a8298c9b289)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the cffe1232-e4b3-4c72-8b4c-6a8298c9b289 advisory. Chrome Releases reports: This update includes 33 security fixes: Tenable has extracted the...

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2025-69421)

Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex function does not check whether...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenStack Keystone vulnerabilities (USN-8433-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8433-1 advisory. It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An...

RHEL 8 : redhat-ds:11 (RHSA-2026:26458)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26458 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol LDAP...

RockyLinux 8 : rsync (RLSA-2026:26408)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26408 advisory. rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding CVE-2026-43618 rsync: TOCTOU symlink race condition allowing...

RockyLinux 9 : tomcat (RLSA-2026:26323)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26323 advisory. tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 Tenable has extracted the preceding description bloc...

Photon OS 4.0: Nghttp2 PHSA-2026-4.0-1002

An update of the nghttp2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1002. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Nova vulnerability (USN-8434-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8434-1 advisory. It was discovered that Nova did not strip internal nova-prefixed scheduler hints supplied by users on instance creation. An attack...

RockyLinux 9 : hplip (RLSA-2026:26297)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26297 advisory. HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection CVE-2026-8632 HPLIP: HPLIP: Arbitrary code...

Linux Distros Unpatched Vulnerability : CVE-2026-46448

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation. CVE-2026-46448 Note...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : ca-certificates update (USN-8436-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8436-1 advisory. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained...

Security Update for Microsoft Visual Studio Code (June 2026)

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.123.2. It is, therefore, affected by multiple vulnerabilities: - Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. CVE-2026-47281 -...

Oracle PeopleSoft Unauthenticated Java Deserialization SSRF / RCE (CVE-2026-35273)

Binary data oraclepeoplesoftssrfcve202635273.nbin...

Fedora 45 : buildah / containers-common / podman / skopeo (2026-2419096432)

The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-2419096432 advisory. Automatic update for buildah-1.44.0-1.fc45, podman-6.0.0rc1-1.fc45, skopeo-1.23.0-1.fc45, containers- common-0.68.0-1.fc45. Changelog for buildah Wed May 27...

Fedora 44 : librabbitmq (2026-7174ee9a91)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7174ee9a91 advisory. Version 0.16.0 - 2026-06-08 Security - Fix out-of-bounds read via undersized frames in amqphandleinput GHSA-9mmv-r8g3-qp46, 878 - Fix client crash when serve...

ImageMagick 7.x < 7.1.2-25 Multiple Vulnerabilities

The remote host has a version of ImageMagick 7.x installed that is prior to 7.1.2-25. It is, therefore, affected by multiple vulnerabilities: - A memory corruption vulnerability can result in a denial of service condition. CVE-2026-53465 - A denial of service vulnerability exists that can be...

Oracle Linux 8 : libpng15 (ELSA-2026-26347)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-26347 advisory. 1.5.30-9 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161346 Tenable has extracted the preceding description blo...

Linux Distros Unpatched Vulnerability : CVE-2026-12460

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in File System Access. CVE-2026-12460 Note that Nessus relies on the presence of the package as reported by the vendor...

RockyLinux 9 : valkey (RLSA-2026:25925)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25925 advisory. redis: use-after-free in unblock client flow may allow remote code execution CVE-2026-23479 redis: Remote code execution via use-after-free in Lua...

Linux Distros Unpatched Vulnerability : CVE-2026-12300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12300 Note that Nessus relies on the presence ...

Fedora 44 : firefox / nss (2026-5eeadd9b1b)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-5eeadd9b1b advisory. Update NSS to 3.124.0 Update Firefox to 152.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

openSUSE 16 Security Update : libXpm (openSUSE-SU-2026:20953-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20953-1 advisory. This update for libXpm fixes the following issue: - CVE-2026-4367: out-of-bounds read in xpmNextWord bsc1260928. Tenable has extracted the preceding...

Linux Distros Unpatched Vulnerability : CVE-2026-12323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12323 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-12326

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so...

Linux Distros Unpatched Vulnerability : CVE-2026-12303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

ImageMagick < 6.9.13-50 / 7.x < 7.1.2-25 Multiple Vulnerabilities

The remote host has a version of ImageMagick installed that is prior to 6.9.13-50 or 7.x prior to 7.1.2-25. It is, therefore, affected by multiple vulnerabilities, including: - A missing validation in AcquireAlignedMemory could cause memory exhaustion conditions. CVE-2026-53460 - An incorrect loo...

Linux Distros Unpatched Vulnerability : CVE-2026-12293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12293 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-12321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12321 Note that Nessus...

Linux Distros Unpatched Vulnerability : CVE-2026-12322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12322 Note that Nessus relies on the...