KB5094126: Windows 11 Version 24H2 / Windows 11 Version 25H2 Security Update (June 2026)

The remote Windows host is missing security update 5094126. It is, therefore, affected by multiple vulnerabilities - Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. CVE-2026-42909, CVE-2026-42913, CVE-2026-42985, CVE-2026-42992,...

Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50304)

The remote Oracle Linux 10 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50304 advisory. - arm64: errata: Mitigate TLBI errata on various Arm CPUs Mark Rutland Orabug: 39017589 CVE-2025-10263 Tenable has extracted the preceding description blo...

Linux Distros Unpatched Vulnerability : CVE-2026-41838

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequa...

Linux Distros Unpatched Vulnerability : CVE-2026-11639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-48913

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free vulnerability in Apache HTTP Server module modhttp2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55...

Security Updates for Microsoft Excel Products (June 2026)

The Microsoft Excel Products are missing a security update. They are, therefore, affected by multiple vulnerabilities: - Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally. CVE-2026-44817, CVE-2026-44818, CVE-2026-44820,...

Fedora 44 : mingw-objfw (2026-2aa17af701)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2aa17af701 advisory. Update to 1.5.5, containing many bug fixes, some also security related. Tenable has extracted the preceding description block directly from the Fedora securi...

Linux Distros Unpatched Vulnerability : CVE-2026-11666

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML...

FreeBSD : Apache httpd -- Multiple vulnerabilities (7655baae-637d-11f1-8607-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7655baae-637d-11f1-8607-8447094a420f advisory. The Apache httpd project reports: See links for details. Tenable has extracted the preceding...

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-2200)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the...

EulerOS 2.0 SP11 : systemd (EulerOS-SA-2026-2266)

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data...

Fedora 43 : xorg-x11-server (2026-c3ea7d7b0e)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-c3ea7d7b0e advisory. Update to xserver 21.1.23, Security fixes for: ZDI-CAN-30136, ZDI-CAN-30159, ZDI-CAN-30160, ZDI-CAN-30161, ZDI-CAN-30163, ZDI-CAN-30164, ZDI-CAN-30165,...

EulerOS 2.0 SP11 : nghttp2 (EulerOS-SA-2026-2219)

According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...

Linux Distros Unpatched Vulnerability : CVE-2026-11677

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to potentially perform a sandb...

Linux Distros Unpatched Vulnerability : CVE-2026-42490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domc...

Linux Distros Unpatched Vulnerability : CVE-2026-11680

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...

EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-2213)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in th...

EulerOS 2.0 SP11 : openssh (EulerOS-SA-2026-2220)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a...

Linux Distros Unpatched Vulnerability : CVE-2026-11661

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Views in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-11792

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a...

Linux Distros Unpatched Vulnerability : CVE-2026-11788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an...

KB5094127: Windows 10 version 21H2 / Windows 10 Version 22H2 Security Update (June 2026)

The remote Windows host is missing security update 5094127. It is, therefore, affected by multiple vulnerabilities - Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. CVE-2026-42909, CVE-2026-42985, CVE-2026-42992, CVE-2026-42993,...

Fedora 44 : sentencepiece (2026-314504fd18)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-314504fd18 advisory. Update to 0.2.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

MiracleLinux 8 : ruby:3.3 (AXSA:2026-769:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-769:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the...

Linux Distros Unpatched Vulnerability : CVE-2026-41851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a...

EulerOS 2.0 SP11 : python-requests (EulerOS-SA-2026-2263)

According to the versions of the python-requests packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename...

EulerOS 2.0 SP11 : avahi (EulerOS-SA-2026-2235)

According to the versions of the avahi packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below,...

Linux Distros Unpatched Vulnerability : CVE-2026-42487

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, an...

EulerOS 2.0 SP11 : libcap (EulerOS-SA-2026-2211)

According to the versions of the libcap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function...

EulerOS 2.0 SP11 : util-linux (EulerOS-SA-2026-2268)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the...

Linux Distros Unpatched Vulnerability : CVE-2026-11329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file...

EulerOS 2.0 SP11 : libarchive (EulerOS-SA-2026-2248)

According to the versions of the libarchive packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing...

Linux Distros Unpatched Vulnerability : CVE-2026-11674

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...

Linux Distros Unpatched Vulnerability : CVE-2026-11648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2026-2245)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a...

Linux Distros Unpatched Vulnerability : CVE-2026-46329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices...

KB5095051: Windows 11 Version 26H1 Security Update (June 2026)

The remote Windows host is missing security update 5095051. It is, therefore, affected by multiple vulnerabilities - Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. CVE-2026-42909, CVE-2026-42913, CVE-2026-42985, CVE-2026-42992,...

EulerOS 2.0 SP11 : libtiff (EulerOS-SA-2026-2215)

According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile...

Linux Distros Unpatched Vulnerability : CVE-2026-11658

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer...

Fortinet Fortigate Restricted CLI escape using Lua (FG-IR-26-143)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-143 advisory. - An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability CWE-1244 vulnerability in Fortinet FortiOS...

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2026-2221)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the require...

Linux Distros Unpatched Vulnerability : CVE-2026-11685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in MediaCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted...

Linux Distros Unpatched Vulnerability : CVE-2026-41840

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 throug...

Linux Distros Unpatched Vulnerability : CVE-2026-11689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypa...

Linux Distros Unpatched Vulnerability : CVE-2026-11681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

Linux Distros Unpatched Vulnerability : CVE-2026-11679

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-11647

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Printing in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially...

Adobe Dreamweaver 21.0 < 21.8 Multiple Vulnerabilities (APSB26-62) (macOS)

The version of Adobe Dreamweaver installed on the remote macOS host is prior to 21.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-62 advisory. - Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability th...

EulerOS 2.0 SP11 : tigervnc (EulerOS-SA-2026-2230)

According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application...

EulerOS 2.0 SP11 : firewalld (EulerOS-SA-2026-2202)

According to the versions of the firewalld packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setter...