RHEL 9 : Red Hat OpenStack Platform 17.1 (openstack-keystone) (RHSA-2026:28044)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28044 advisory. Keystone is a Python implementation of the OpenStack (http://www.openstack.org) identity service API. Security Fixes: OpenStack Keystone:...
Oracle Linux 9 : python-jwcrypto (ELSA-2026-19197)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-19197 advisory. 1.5.6-3 - Limit max plaintext size for JWE decompression Resolves: RHEL-166029 Tenable has extracted the preceding description block directly from the Oracle...
Automated Logic WebCTRL Storing Passwords in a Recoverable Format (CVE-2025-14295)
CWE-257 Storing Passwords in a Recoverable Format vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. An attacker with elevated access can retrieve passwords stored in a recoverable format, potentially compromising credentials and neighboring...
Linux Distros Unpatched Vulnerability : CVE-2026-54265
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...
Automated Logic WebCTRL Cross-site Scripting (CVE-2024-5540)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...
Vertiv Liebert SiteScan Improper Validation of Array Index (CVE-2025-0657)
CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...
Linux Distros Unpatched Vulnerability : CVE-2026-49241
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Servi...
Oracle Linux 9 : corosync (ELSA-2026-19200)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19200 advisory. - totemsrp: Return error if sanity check fails fixes CVE-2026-35091 - totemsrp: Fix integer overflow in membjoinsanity fixes CVE-2026-35092 Tenable ha...
RHEL 10 : samba (RHSA-2026:28055)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28055 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...
Linux Distros Unpatched Vulnerability : CVE-2026-49461
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory...
Schneider (CVE-2025-13901)
CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels. This plugin only works with Tenable.ot. Please visit...
Linux Distros Unpatched Vulnerability : CVE-2026-54266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...
Oracle Linux 9 : gdk-pixbuf2 (ELSA-2026-19210)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19210 advisory. - Backport fixes for CVE-2026-5201 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...
Linux Distros Unpatched Vulnerability : CVE-2026-50184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...
Linux Distros Unpatched Vulnerability : CVE-2026-55653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occur...
Linux Distros Unpatched Vulnerability : CVE-2026-55654
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming...
Linux Distros Unpatched Vulnerability : CVE-2026-50168
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...
Oracle WebLogic Server Multiple Vulnerabilities (June 2026 CSPU)
The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions th...
Carrier Corporation i-VU Cross-site Scripting (CVE-2024-5540)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...
Linux Distros Unpatched Vulnerability : CVE-2026-54530
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loo...
Linux Distros Unpatched Vulnerability : CVE-2026-53539
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringParser located t...
Linux Distros Unpatched Vulnerability : CVE-2026-54911
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a...
Automated Logic WebCTRL Incorrect Authorization (CVE-2024-5539)
CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...
Linux Distros Unpatched Vulnerability : CVE-2026-54264
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...
Linux Distros Unpatched Vulnerability : CVE-2026-50169
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : HAProxy vulnerabilities (USN-8459-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8459-1 advisory. It was discovered that HAProxy incorrectly handled the FCGI demultiplexer record length field. A remote attacker could...
Oracle Linux 9 : qemu-kvm (ELSA-2026-18772)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18772 advisory. 10.1.0-17 - kvm-mirror-Fix-missed-dirty-bitmap-writes-during-startup.patch RHEL-155947 RHEL-155948 - kvm-linux-aio-Put-all-parameters-into-qemulaiocb.patch...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : MySQL vulnerabilities (USN-8457-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8457-1 advisory. It was discovered that MySQL Router incorrectly handled repeated TLS protocol upgrade requests. An unauthenticated remote...
Vertiv Liebert SiteScan Cross-site Scripting (CVE-2024-8528)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. User input is not properly sanitized, allowing injection of malicious scripts into web pages viewed by...
RHEL 8 : samba (RHSA-2026:28057)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28057 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...
Linux Distros Unpatched Vulnerability : CVE-2026-55599
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 certificate with...
Linux Distros Unpatched Vulnerability : CVE-2026-53538
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in...
Linux Distros Unpatched Vulnerability : CVE-2026-9029
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before...
Ubuntu 25.10 / 26.04 LTS : libxml2 vulnerabilities (USN-8460-1)
The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8460-1 advisory. It was discovered that libxml2 did not properly release memory allocated in the xmllint utility. An attacker could possibly use this issue to cau...
Oracle WebLogic Server Multiple Vulnerabilities (June 2026 CSPU) (14.1.2.0.0 / 15.1.1.0.0)
The 14.1.2.0.0 and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions th...
Automated Logic WebCTRL Improper Validation of Array Index (CVE-2025-0657)
CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...
RHEL 9 : samba (RHSA-2026:28054)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28054 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...
Oracle WebLogic Server Remote Takeover (June 2026 CSPU)
The 12.2.1.4.0 and 14.1.2.0.0 versions of WebLogic Server installed on the remote host are affected by a vulnerability as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : nginx vulnerabilities (USN-8458-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8458-1 advisory. It was discovered that nginx incorrectly handled large headers when proxying HTTP/2 traffic. A remote attacker could use...
Carrier Corporation i-VU Cross-site Scripting (CVE-2024-8528)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. User input is not properly sanitized, allowing injection of malicious scripts into web pages viewed by...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Netatalk vulnerabilities (USN-8455-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8455-1 advisory. Arjun Basnet discovered that Netatalk improperly validated inputs when...
Oracle Linux 9 : mingw-glib2 (ELSA-2026-18705)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18705 advisory. 2.78.6-3 - Resolves: RHEL-131012 - CVE-2025-13601 mingw-glib2: Integer overflow in gescapeuristring Tenable has extracted the preceding description block...
Vertiv Liebert SiteScan Incorrect Authorization (CVE-2024-5539)
CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...
Vertiv Liebert SiteScan Open Redirect (CVE-2024-8527)
CWE-601 URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The application accepts a user-supplied URL and redirects without proper validation, allowing attackers to exploit user sessions through ...
Oracle Linux 9 : firefox (ELSA-2026-19201)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19201 advisory. 140.10.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding R...
Oracle Linux 9 : libssh (ELSA-2026-18683)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-18683 advisory. - Resolves: CVE-2025-4877 - Resolves: CVE-2025-4878 - Resolves: CVE-2025-5351 - Resolves: CVE-2025-8114 - Resolves: CVE-2025-8277 - Resolves:...
JetBrains YouTrack < 2024.2.148429 / < 2024.3.148430 / < 2025.1.148120 / < 2025.2.148048 / < 2025.3.148033 / < 2026.1.13757 Authentication Bypass (CVE-2026-50242)
The version of JetBrains YouTrack installed on the remote host is prior to 2024.2.148429, 2024.3.x prior to 2024.3.148430, 2025.1.x prior to 2025.1.148120, 2025.2.x prior to 2025.2.148048, 2025.3.x prior to 2025.3.148033, or 2026.1.x prior to 2026.1.13757. It is, therefore, affected by an...
Linux Distros Unpatched Vulnerability : CVE-2026-54267
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...
Linux Distros Unpatched Vulnerability : CVE-2026-54268
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...
Photon OS 5.0: Linux PHSA-2026-5.0-0890
An update of the linux package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0890. The text itself is copyright (C) VMware, Inc.