337660 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53702
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses...
Fedora 44 : vaultwarden (2026-e14ea170b6)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e14ea170b6 advisory. update to 1.36.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Linux Distros Unpatched Vulnerability : CVE-2026-46340
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and...
Linux Distros Unpatched Vulnerability : CVE-2026-44487
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios's Node.js HTTP adapter may forward a Proxy-Authorization...
Linux Distros Unpatched Vulnerability : CVE-2026-9740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The...
Linux Distros Unpatched Vulnerability : CVE-2026-9754
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...
Linux Distros Unpatched Vulnerability : CVE-2026-44894
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does...
EulerOS Virtualization 2.13.0 : polkit (EulerOS-SA-2026-2413)
According to the versions of the polkit packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the...
EulerOS Virtualization 2.13.1 : expat (EulerOS-SA-2026-2369)
According to the versions of the expat packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory...
Linux Distros Unpatched Vulnerability : CVE-2026-47244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final,...
Linux Distros Unpatched Vulnerability : CVE-2026-12015
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially...
MongoDB 7.0.x < 7.0.35 / 8.0.x < 8.0.24 / 8.2.x < 8.2.10 / 8.3.x < 8.3.3 / 9.0.0-rc0 Multiple Vulnerabilities
The version of MongoDB installed on the remote host is 7.0.x prior to 7.0.35, 8.0.x prior to 8.0.24, 8.2.x prior to 8.2.10, or 8.3.x prior to 8.3.3. It is, therefore, affected by multiple vulnerabilities: - A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable...
Linux Distros Unpatched Vulnerability : CVE-2026-50009
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset...
RockyLinux 10 : valkey (RLSA-2026:25216)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25216 advisory. redis: use-after-free in unblock client flow may allow remote code execution CVE-2026-23479 redis: Remote code execution via use-after-free in Lua...
EulerOS Virtualization 2.13.1 : python-pyasn1 (EulerOS-SA-2026-2387)
According to the versions of the python-pyasn1 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS...
MiracleLinux 8 : postgresql-jdbc-42.2.14-4.el8_10 (AXSA:2026-782:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-782:01 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding...
SAP NetWeaver AS ABAP XML Signature Wrapping in SAML Authentication (3746332)
The version of SAP NetWeaver AS ABAP and ABAP Platform detected on the remote host is affected by an XML signature wrapping vulnerability in SAML authentication as referenced in SAP Security Note 3746332: - SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker...
Security Updates for Microsoft Excel Products C2R (June 2026)
The Microsoft Excel Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally. CVE-2026-44817, CVE-2026-44818, CVE-2026-44820,...
Security Updates for Microsoft Dynamics 365 (on-premises) (June 2026)
The Microsoft Dynamics 365 on-premises is missing a security update. It is, therefore, affected by a vulnerability: - Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 on-premises allows an authorized attacker to elevate privileges over a network. CVE-2026-4037...
Linux Distros Unpatched Vulnerability : CVE-2026-11822
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory...
EulerOS Virtualization 2.13.1 : avahi (EulerOS-SA-2026-2365)
According to the versions of the avahi packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc...
Linux Distros Unpatched Vulnerability : CVE-2026-11816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functio...
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2026-2424)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 Tenable has extracted the preceding description block directly from the EulerO...
Fedora 45 : kubernetes1.34 (2026-18d1f457ba)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-18d1f457ba advisory. Automatic update for kubernetes1.34-1.34.9-1.fc45. Changelog Fri Jun 12 2026 Bradley G Smith - 1.34.9-1 - Update to release v1.34.9 - Resolves: rhbz2467605 -...
EulerOS Virtualization 2.13.1 : libgcrypt (EulerOS-SA-2026-2374)
According to the versions of the libgcrypt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to...
EulerOS Virtualization 2.13.1 : polkit (EulerOS-SA-2026-2384)
According to the versions of the polkit packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the...
Linux Distros Unpatched Vulnerability : CVE-2026-12010
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentiall...
Fedora 43 : kernel (2026-75fcc75b5f)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-75fcc75b5f advisory. The 7.0.12-101/201 updates contain fixes for CVE-2025-10263. This CVE, while important, only impacts specific aarch64 CPUs. Tenable has extracted the precedi...
AlmaLinux 9 : kernel (ALSA-2026:24381)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:24381 advisory. kernel: smb: client: fix OOB reads parsing symlink error response CVE-2026-31613 kernel: Buffer overflow in drivers/xen/sys-hypervisor.c CVE-2026-31786...
Fedora 44 : kernel (2026-8b619eef6f)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8b619eef6f advisory. The 7.0.12-101/201 updates contain fixes for CVE-2025-10263. This CVE, while important, only impacts specific aarch64 CPUs. Tenable has extracted the precedi...
EulerOS Virtualization 2.13.1 : python-pip (EulerOS-SA-2026-2386)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable...
EulerOS Virtualization 2.13.0 : python-pip (EulerOS-SA-2026-2415)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable...
Amazon Linux 2023 : docker (ALAS2023-2026-1835)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1835 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...
Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-110 (ALASNITRO-ENCLAVES-2026-110)
The version of docker installed on the remote host is prior to 25.0.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-110 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680...
Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-129 (ALASDOCKER-2026-129)
The version of docker installed on the remote host is prior to 25.0.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-129 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing...
RockyLinux 8 : kernel (RLSA-2026:25121)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25121 advisory. kernel: geneve: Fix use-after-free in genevefinddev. CVE-2025-21858 kernel: smc: Fix use-after-free in tcpwritetimerhandler CVE-2023-53781 kernel: nbd:...
RockyLinux 8 : kernel-rt (RLSA-2026:25120)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25120 advisory. kernel: geneve: Fix use-after-free in genevefinddev. CVE-2025-21858 kernel: smc: Fix use-after-free in tcpwritetimerhandler CVE-2023-53781 kernel: nbd:...
Spring Framework 5.3.x < 5.3.49 Multiple Vulnerabilities
The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.49. It is, therefore, affected by multiple vulnerabilities: - Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. CVE-2026-41847 - An integer overflow vulnerability...
MongoDB 8.3.x < 8.3.3 Information Disclosure
The version of MongoDB installed on the remote host is 8.3.x prior to 8.3.3. It is, therefore, affected by an information disclosure vulnerability: - MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metri...
QEMU 8.1.x < 10.0.10 / 10.2.x < 10.2.3 / 11.0.x < 11.0.1 Privilege Escalation
The version of QEMU installed on the remote Windows host is affected by a privilege escalation vulnerability: - An integer overflow exists in the calcimagehostmem function within the virtio-gpu driver due to the lack of proper validation of user-supplied data before allocating a buffer. A local...
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8426-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8426-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Cop...
Linux Distros Unpatched Vulnerability : CVE-2026-44288
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted...
AlmaLinux 9 : samba (ALSA-2026:25049)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25049 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfsworm does not block directory modification CVE-2026-2340 samba: group...
Oracle Linux 7 : firefox (ELSA-2026-3984)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-3984 advisory. - Update to 140.8.0 ESR Orabug: 39361647CVE-2026-2447CVE-2026-2757 CVE-2026-2758CVE-2026-2759CVE-2026-2760CVE-2026-2761CVE-2026-2762...
AlmaLinux 10 : poppler (ALSA-2026:24985)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:24985 advisory. poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication CVE-2026-10118 Tenab...
RockyLinux 10 : samba (RLSA-2026:22963)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22963 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfsworm does not block directory modification CVE-2026-2340 samba: group...
MiracleLinux 8 : poppler-20.11.0-14.el8_10 (AXSA:2026-780:03)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-780:03 advisory. poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication CVE-2026-10118...
RHEL 10 : poppler (RHSA-2026:24985)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24985 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in...
Oracle Linux 8 : poppler (ELSA-2026-24984)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-24984 advisory. - Fix integer overflow in tilingPatternFill CVE-2026-10118 Tenable has extracted the preceding description block directly from the Oracle Linux security...
RHEL 9 : poppler (RHSA-2026:25058)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25058 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppl...