Mozilla Thunderbird < 152.0

The version of Thunderbird installed on the remote Windows host is prior to 152.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-60 advisory. - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

Mozilla Firefox < 152.0

The version of Firefox installed on the remote Windows host is prior to 152.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-57 advisory. - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

Mozilla Thunderbird < 140.12

The version of Thunderbird installed on the remote Windows host is prior to 140.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-61 advisory. - Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox E...

RHEL 9 : podman (RHSA-2026:26445)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26445 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

Mozilla Firefox ESR < 140.12

The version of Firefox ESR installed on the remote Windows host is prior to 140.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-58 advisory. - Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some o...

Mozilla Firefox ESR < 115.37

The version of Firefox ESR installed on the remote Windows host is prior to 115.37. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-59 advisory. - Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and...

Alibaba Cloud Linux 3 : 0157: libyang (ALINUX3-SA-2026:0157)

The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2026:0157 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-44673: libyang is a YANG data modeling...

RHEL 8 : mysql:8.4 (RHSA-2026:26180)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26180 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and...

AlmaLinux 8 : mysql:8.4 (ALSA-2026:26180)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:26180 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2026 CVE-2026-22004 mysql: Information Schema unspecified vulnerability CPU Apr 2026 CVE-2026-22001 mysql...

RockyLinux 8 : mysql:8.4 (RLSA-2026:26180)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26180 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2026 CVE-2026-22004 mysql: Information Schema unspecified vulnerability CPU Apr 2026 CVE-2026-22001 mysq...

AlmaLinux 8 : mysql:8.0 (ALSA-2026:25919)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25919 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2026 CVE-2026-22004 mysql: Information Schema unspecified vulnerability CPU Apr 2026 CVE-2026-22001 mysql...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : ADSys vulnerabilities (USN-8430-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8430-1 advisory. It was discovered that ADSys did not properly handle certain HTTP/2 frames. A remote attacker could possibly...

MiracleLinux 8 : dotnet8.0-8.0.128-1.el8_10.ML.1 (AXSA:2026-787:10)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-787:10 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...

Debian dla-4628 : linux-base - security update

The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dla-4628 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4628-1 [email protected] https://www.debian.org/lts/security/ B...

RHEL 7 : libtiff (RHSA-2026:25910)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25910 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrar...

Linux Distros Unpatched Vulnerability : CVE-2026-49452

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - weasyprint - None Ubuntu Linux - Unknown description CVE-2026-49452 Note that Nessus relies on the presence of the package as reported by the...

Arista Networks EOS Tunnel Decapsulation Improper Validation (SA0137)

On affected platforms running Arista EOS where a tunnel decapsulation configuration - such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface - is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packets wit...

RHEL 8 : webkit2gtk3 (RHSA-2026:25918)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25918 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

Fedora 45 : perl-Crypt-DSA (2026-cf622b92d7)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cf622b92d7 advisory. Automatic update for perl-Crypt-DSA-1.21-1.fc45. Changelog Mon Jun 15 2026 Paul Howarth - 1.21-1 - Update to 1.21 - Fixed key material reuse for multiple...

Linux Distros Unpatched Vulnerability : CVE-2026-8357

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening...

Linux Distros Unpatched Vulnerability : CVE-2026-6039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from...

RHEL 9 : osbuild-composer (RHSA-2026:26054)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26054 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building...

AlmaLinux 10 : postfix (ALSA-2026:25930)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:25930 advisory. postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 Tenable has extracted the preceding description block directly from the AlmaLinux...

Debian dsa-6345 : libgd-perl - security update

The remote Debian 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6345 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6345-1 [email protected] https://www.debian.org/security/...

RHEL 9 : gimp (RHSA-2026:25899)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25899 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

Linux Distros Unpatched Vulnerability : CVE-2026-11850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an...

RHEL 8 : redis:6 (RHSA-2026:26008)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26008 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...

MiracleLinux 8 : httpd:2.4 (AXSA:2026-786:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-786:01 advisory. httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 Tenable has extracted the preceding description block...

AlmaLinux 10 : mod_http2 (ALSA-2026:25225)

The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:25225 advisory. httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 Tenable has extracted the preceding description block...

TencentOS Server 3: httpd:2.4 (TSSA-2026:0498)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0498 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

RHEL 8 : postfix (RHSA-2026:25932)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25932 advisory. The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: buffe...

Linux Distros Unpatched Vulnerability : CVE-2026-6040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against...

Debian dla-4630 : libcrypto1.1-udeb - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4630 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4630-1 [email protected]...

RHEL 8 : libssh (RHSA-2026:25911)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25911 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Incorrect...

Linux Distros Unpatched Vulnerability : CVE-2026-53704

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO...

Linux Distros Unpatched Vulnerability : CVE-2026-52719

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the...

RHEL 9 : samba (RHSA-2026:25979)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25979 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

Linux Distros Unpatched Vulnerability : CVE-2026-12216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file dukapibytecode.c. Executing a...

Linux Distros Unpatched Vulnerability : CVE-2026-53703

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties...

Debian dsa-6347 : bird2 - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6347 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6347-1 [email protected] https://www.debian.org/security/ Moritz...

Linux Distros Unpatched Vulnerability : CVE-2025-71330

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a...

Linux Distros Unpatched Vulnerability : CVE-2026-48096

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can...

Oracle Linux 7 : gstreamer-plugins-base / and / gstreamer-plugins-good (ELSA-2026-7850)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7850 advisory. - Security update CVE-2026-2921 Orabug: 39201593 gstreamer-plugins-good Tenable has extracted the preceding description block directly from the Oracle...

Fedora 45 : sudo (2026-41453e7fa4)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-41453e7fa4 advisory. Automatic update for sudo-1.9.17-13.p2.fc45. Changelog Mon Jun 15 2026 Alejandro Lpez - 1.9.17-12.p2 - Removed some unneeded build-time dependencies Mon Jun ...

Debian dla-4556 : dovecot-auth-lua - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4556 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4556-1 [email protected]...

RHEL 9 : valkey (RHSA-2026:25925)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25925 advisory. Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, se...

RHEL 9 : gimp (RHSA-2026:25907)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25907 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

FreeBSD : libsmi -- Buffer overflow in the smiGetNode function in lib/smi (76b09b16-638b-11f1-8e16-901b0e13f1a0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 76b09b16-638b-11f1-8e16-901b0e13f1a0 advisory. http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html reports: Buffer overflow in...

RHEL 10 : systemd (RHSA-2026:25900)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25900 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive...

Linux Distros Unpatched Vulnerability : CVE-2026-10143

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker ...