EulerOS Virtualization 2.13.0 : curl (EulerOS-SA-2026-2397)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcu...

SAP NetWeaver AS Java Apache Log4j Vulnerability (3726899)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a vulnerability in the Apache Log4j library as referenced in SAP Security Note 3726899: - The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

Linux Distros Unpatched Vulnerability : CVE-2026-44705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the...

Qnap QTS Incorrect Permission Assignment for Critical Resource (CVE-2025-66276)

QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

RockyLinux 9 : mod_http2 (RLSA-2026:25057)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25057 advisory. httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 Tenable has extracted the preceding description block...

Linux Distros Unpatched Vulnerability : CVE-2026-45674

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's...

Fedora 44 : vaultwarden-web (2026-111cf6d28f)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-111cf6d28f advisory. update to 2026.4.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Linux Distros Unpatched Vulnerability : CVE-2026-12011

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially...

EulerOS Virtualization 2.13.0 : libssh (EulerOS-SA-2026-2405)

According to the versions of the libssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function...

Linux Distros Unpatched Vulnerability : CVE-2026-48748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in th...

Linux Distros Unpatched Vulnerability : CVE-2026-12014

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via...

EulerOS Virtualization 2.13.0 : libgcrypt (EulerOS-SA-2026-2403)

According to the versions of the libgcrypt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to...

EulerOS Virtualization 2.13.1 : ncurses (EulerOS-SA-2026-2379)

According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyzestring in...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Mistral vulnerability (USN-8422-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8422-1 advisory. Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints...

Linux Distros Unpatched Vulnerability : CVE-2026-44486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios' Node.js HTTP adapter can leak proxy credentials to a redire...

Linux Distros Unpatched Vulnerability : CVE-2026-45416

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final,...

Linux Distros Unpatched Vulnerability : CVE-2026-44967

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response...

EulerOS Virtualization 2.13.0 : binutils (EulerOS-SA-2026-2396)

According to the versions of the binutils packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of- bounds read in the bfd...

QEMU 8.1.x < 10.0.10 / 10.2.x < 10.2.3 / 11.0.x < 11.0.1 Privilege Escalation

The version of QEMU installed on the remote Windows host is affected by a privilege escalation vulnerability: - An integer overflow exists in the calcimagehostmem function within the virtio-gpu driver due to the lack of proper validation of user-supplied data before allocating a buffer. A local...

Linux Distros Unpatched Vulnerability : CVE-2026-12023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform ...

Debian dsa-6343 : amqp-tools - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6343 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6343-1 [email protected] https://www.debian.org/securit...

Python 3.10.x / 3.11.x / 3.12.x / 3.13.x < 3.13.14 / 3.14.x < 3.14.6 Path Traversal

The version of Python installed on the remote Windows host is affected by a path traversal vulnerability. tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction...

Fedora 43 : xorg-x11-server-Xwayland (2026-557e726e74)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-557e726e74 advisory. Update to xwayland 24.1.12, Security fixes for: ZDI-CAN-30136, ZDI-CAN-30159, ZDI-CAN-30160, ZDI-CAN-30161, ZDI-CAN-30163, ZDI-CAN-30164, ZDI-CAN-30165,...

Fedora 43 : vaultwarden (2026-264f9ef567)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-264f9ef567 advisory. update to 1.36.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

RockyLinux 8 : .NET 10.0 (RLSA-2026:25114)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25114 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...

Linux Distros Unpatched Vulnerability : CVE-2026-9638

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable a...

Linux Distros Unpatched Vulnerability : CVE-2026-9753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bound...

EulerOS Virtualization 2.13.0 : sqlite (EulerOS-SA-2026-2418)

According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows...

Fedora 45 : kubernetes1.33 (2026-05251d4863)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-05251d4863 advisory. Automatic update for kubernetes1.33-1.33.13-1.fc45. Changelog Fri Jun 12 2026 Bradley G Smith - 1.33.13-1 - Update to release 1.33.13 - Resolves: rhbz2467604...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2026-2423)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 Tenable has extracted the preceding description block directly from the EulerO...

EulerOS Virtualization 2.13.1 : systemd (EulerOS-SA-2026-2390)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config...

Linux Distros Unpatched Vulnerability : CVE-2026-12032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process...

Linux Distros Unpatched Vulnerability : CVE-2026-12025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer proces...

Linux Distros Unpatched Vulnerability : CVE-2017-20240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing coul...

Linux Distros Unpatched Vulnerability : CVE-2026-9752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygo...

Linux Distros Unpatched Vulnerability : CVE-2026-47691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's...

EulerOS Virtualization 2.13.0 : openssl (EulerOS-SA-2026-2412)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can...

Linux Distros Unpatched Vulnerability : CVE-2026-9741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in...

Linux Distros Unpatched Vulnerability : CVE-2026-9204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain...

Fedora 43 : chromium (2026-c5c0986fb6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c5c0986fb6 advisory. Update to 149.0.7827.102 CVE-2026-11628: Use after free in Ozone CVE-2026-11629: Use after free in Ozone CVE-2026-11630: Use after free in File Inpu...

Linux Distros Unpatched Vulnerability : CVE-2026-12012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption v...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : lwIP vulnerabilities (USN-8423-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8423-1 advisory. It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could...

Veeam Software Appliance < 13.0.2.29 Arbitrary File Write (CVE-2026-32997)

The version of Veeam Backup and Replication Veeam Software Appliance installed on the remote Linux host is prior to 13.0.2.29. It is, therefore, affected by a vulnerability that allows an authenticated user with the Backup Administrator role to write arbitrary files on the Linux-based Veeam Backu...

Linux Distros Unpatched Vulnerability : CVE-2026-9750

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing...

Ubuntu 26.04 LTS : Ubuntu Kylin Software Center vulnerability (USN-8424-1)

The remote Ubuntu 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8424-1 advisory. It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue t...

Linux Distros Unpatched Vulnerability : CVE-2026-8589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain...

Debian dsa-6342 : jpeg-xl-doc - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6342 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6342-1 [email protected] https://www.debian.org/security/ Moritz...

Fedora 43 : vaultwarden-web (2026-064873552d)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-064873552d advisory. update to 2026.4.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

Linux Distros Unpatched Vulnerability : CVE-2026-45536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, nettyunixsocketrecvF...

EulerOS Virtualization 2.13.1 : sqlite (EulerOS-SA-2026-2389)

According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows...