MiracleLinux 8 : frr-7.5.1-24.el8_10 (AXSA:2026-771:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-771:01 advisory. frr: denial of service via crafted FlowSpec component CVE-2026-37457 Tenable has extracted the preceding description block directly from the MiracleLinux...

Linux Distros Unpatched Vulnerability : CVE-2026-11633

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral...

KB5094042: Windows Server 2012 Security Update (June 2026)

The remote Windows host is missing security update 5094042. It is, therefore, affected by multiple vulnerabilities - Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. CVE-2026-47291 - Heap-based buffer overflow in Remote Desktop...

Linux Distros Unpatched Vulnerability : CVE-2026-42487

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, an...

EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-2251)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in th...

Linux Distros Unpatched Vulnerability : CVE-2026-11679

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-11656

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension to potentiall...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42507)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42507 advisory. - When returning errors, functions in the net/textproto package would include its input as part ...

Linux Distros Unpatched Vulnerability : CVE-2026-46316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgicitsinvalidatecache walks the per-ITS translation cache with xaforeach a...

Linux Distros Unpatched Vulnerability : CVE-2026-46318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert mm/hugetlbfs: update hugetlbfs to use mmapprepare This reverts commit ea52cb24cd3f mm/hugetlbfs: update hugetlbfs to use mmapprepare with conflict...

Fedora 43 : xorg-x11-server (2026-c3ea7d7b0e)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-c3ea7d7b0e advisory. Update to xserver 21.1.23, Security fixes for: ZDI-CAN-30136, ZDI-CAN-30159, ZDI-CAN-30160, ZDI-CAN-30161, ZDI-CAN-30163, ZDI-CAN-30164, ZDI-CAN-30165,...

Fedora 44 : pcs (2026-d420bebe72)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d420bebe72 advisory. - Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.3 see CHANGELOGWUI.md - Fixed a crash when running pcs...

RHEL 7 : libsoup (RHSA-2026:24722)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24722 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext...

Linux Distros Unpatched Vulnerability : CVE-2026-11686

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer...

SolarWinds Serv-U 15.5.0 < 15.5.5

The version of SolarWinds Serv-U installed on the remote host is prior to 15.5.4 HF1. It is, therefore, affected by a vulnerability as referenced in the solarwindsserv-u1554hf1 advisory. - SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without...

Linux Distros Unpatched Vulnerability : CVE-2026-11683

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pag...

Adobe Acrobat < 24.001.30383 / 26.001.21662 Multiple Vulnerabilities (APSB26-63) (macOS)

The version of Adobe Acrobat installed on the remote macOS host is a version prior to 24.001.30383 or 26.001.21662. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2026-11695

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-11663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a...

Linux Distros Unpatched Vulnerability : CVE-2026-46321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tun: free page on short-frame rejection in tunxdpone tunxdpone returns -EINVAL on a frame shorter than ETHHLEN without freeing the page that vhostnetbuildxdp...

RHEL 8 : firefox (RHSA-2026:24755)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:24755 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

EulerOS 2.0 SP11 : linux-sgx (EulerOS-SA-2026-2216)

According to the versions of the linux-sgx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypass...

Veeam Service Provider Console < 9.2.1.33875 (kb4856)

The version of Veeam Service Provider Console installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the kb4856 advisory. - This vulnerability in Veeam Service Provider Console allows for remote code execution. CVE-2026-32998 Note...

Linux Distros Unpatched Vulnerability : CVE-2026-29167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

Linux Distros Unpatched Vulnerability : CVE-2026-29170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory...

EulerOS 2.0 SP11 : mesa (EulerOS-SA-2026-2217)

According to the versions of the mesa packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an...

OpenSSL 3.4.0 < 3.4.6 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.4.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.4.6 advisory. - Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification...

EulerOS 2.0 SP11 : openssh (EulerOS-SA-2026-2220)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a...

EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2026-2206)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via...

Security Updates for Microsoft SharePoint Server 2019 (June 2026)

The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attack...

Linux Distros Unpatched Vulnerability : CVE-2026-11786

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during...

Linux Distros Unpatched Vulnerability : CVE-2026-41850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a...

EulerOS 2.0 SP11 : polkit (EulerOS-SA-2026-2259)

According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1...

Security Updates for Microsoft Office Online Server (June 2026)

The Microsoft Office Online Server or Office Web Apps installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-2213)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in th...

Linux Distros Unpatched Vulnerability : CVE-2009-10007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not...

Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50304)

The remote Oracle Linux 10 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50304 advisory. - arm64: errata: Mitigate TLBI errata on various Arm CPUs Mark Rutland Orabug: 39017589 CVE-2025-10263 Tenable has extracted the preceding description blo...

Linux Distros Unpatched Vulnerability : CVE-2026-11692

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Read Anything in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perfo...

Linux Distros Unpatched Vulnerability : CVE-2026-46289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/scatterlist: fix length calculations in extractkvectosg Patch series Fix bugs in extractitertosg, v3. Fix bugs in the kvec and user variants of...

MiracleLinux 8 : unbound-1.16.2-5.11.el8_10 (AXSA:2026-768:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-768:04 advisory. unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42944 unbound: Unbound DNSSEC Validator Denial of Service...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2026-2209)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : crypto: algifaead - Revert to operating out-of-placeCVE-2026-31431 nfsd: fix RELEASELOCKOWNERCVE-2024-26629 bonding: limit BONDMODE8023AD to...

EulerOS 2.0 SP11 : libtiff (EulerOS-SA-2026-2253)

According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile...

Linux Distros Unpatched Vulnerability : CVE-2026-41847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48...

Linux Distros Unpatched Vulnerability : CVE-2026-46294

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm: fix a buffer overflow in ioctl processing Tony Asleson using Claude found a buffer overflow in dm- ioctl in the function retrievestatus: 1. The code in...

Linux Distros Unpatched Vulnerability : CVE-2026-11785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed ...

Linux Distros Unpatched Vulnerability : CVE-2026-40982

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud- config-server module. A malicious user, or attacker,...

Linux Distros Unpatched Vulnerability : CVE-2026-46325

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGESIZE The current implementation incorrectly handles memory regions MRs with page sizes different fr...

Linux Distros Unpatched Vulnerability : CVE-2026-11690

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to...

Linux Distros Unpatched Vulnerability : CVE-2026-11650

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

OpenSSL 3.6.0 < 3.6.3 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.6.3. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.6.3 advisory. - Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification...