336975 matches found
IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.7 (7277536)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7277536 advisory. - IBM WebSphere Application Server Liberty is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled. CWE:...
IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 RCE (7277544)
The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7277544 advisory. - IBM WebSphere Application Server is affected by a remote code execution vulnerability in the SOAP/JMX connector. CWE: CWE-502:...
Linux Distros Unpatched Vulnerability : CVE-2026-10658
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In bt_iso_recv subsys/bluetooth/host/iso.c,...
AlmaLinux 8 : redis:6 (ALSA-2026:26008)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:26008 advisory. redis: RESTORE invalid memory access may allow remote code execution CVE-2026-25243 Tenable has extracted the preceding description block directly from the...
AlmaLinux 9 : corosync (ALSA-2026:19200)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:19200 advisory. corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via integer...
Fedora 44 : materialx (2026-d2806ddffc)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d2806ddffc advisory. New release version 1.39.5. See the change log. Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security Update (Critical) (RHSA-2026:28376)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28376 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers ca...
Fedora 44 : frr / grout (2026-28949d21e5)
The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-28949d21e5 advisory. New version of frr and grout. I am keeping libyang to version 3 at the moment due to recommendations from...
Linux Distros Unpatched Vulnerability : CVE-2026-44727
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under...
Fedora 44 : perl-Crypt-DSA (2026-f4a6b0c635)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f4a6b0c635 advisory. This update, to the current upstream release, prevents key material reuse for multiple signing events CVE-2026-12205, CWE-323. Tenable has extracted the...
Oracle Linux 9 : gimp (ELSA-2026-19362)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19362 advisory. - fix CVE-2026-4150 - align with Y-stream - fix CVE-2026-4151 - fix CVE-2026-4152 - fix CVE-2026-4153 - fix CVE-2026-4154 - fix CVE-2026-4887 - fix...
Oracle Linux 8 : virt:kvm_utils3 (ELSA-2026-50337)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50337 advisory. - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501...
Oracle Linux 9 : tigervnc (ELSA-2026-19342)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19342 advisory. - Fix CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003 xorg-x11-server: various XKB and XSYNC vulnerabilities Resolves:...
Photon OS 5.0: Fuse3 PHSA-2026-5.0-0860
An update of the fuse3 package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0860. The text itself is copyright (C) VMware, Inc.
Linux Distros Unpatched Vulnerability : CVE-2025-71319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a...
RHEL 10 : libxml2 (RHSA-2026:28234)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28234 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: buffer over-read in...
AlmaLinux 10 : python-urllib3 (ALSA-2026:28000)
The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:28000 advisory. urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-44432 urllib3: urllib3: Information disclosure via cross-origi...
RHEL 9 : python3.14 (RHSA-2026:28247)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28247 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
RHEL 10 : libsolv (RHSA-2026:28236)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28236 advisory. The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm. Security Fixes: libsolv:...
Slackware Linux 15.0 / current libarchive Vulnerability (SSA:2026-174-01)
The version of libarchive installed on the remote host is prior to 3.8.8. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-174-01 advisory. New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...
AlmaLinux 10 : python3.14-urllib3 (ALSA-2026:27929)
The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:27929 advisory. urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-44432 urllib3: urllib3: Information disclosure via cross-origi...
RHEL 10 : opencryptoki (RHSA-2026:28231)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28231 advisory. The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These...
Oracle Linux 8 : mysql:8.4 (ELSA-2026-26180)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26180 advisory. mecab 0.996-2.12 - Bump version for 'mysql' module rebuild We are moving the 'mecab-devel' RPM from the 'buildroot' repo to the 'AppStream' repo -...
Fedora 43 : chromium (2026-f9a0af40b2)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f9a0af40b2 advisory. Update to 149.0.7827.155 CVE-2026-12437: Use after free in WebShare CVE-2026-12438: Inappropriate implementation in WebView CVE-2026-12439: Use afte...
Photon OS 4.0: Samba PHSA-2026-4.0-1039
An update of the samba package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1039. The text itself is copyright (C) VMware, Inc.
RHEL 9 : Satellite 6.18.6 Async Update (Important) (RHSA-2026:28385)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28385 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...
RHEL 9 : opencryptoki (RHSA-2026:28256)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28256 advisory. The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These...
Fedora 44 : coturn (2026-dda1360c18)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dda1360c18 advisory. Coturn 4.13.1 What's in this release - Security fixes What's Changed - Null-terminate servername in stun_is_challenge_response_str - Canonicalize all...
Fedora 43 : perl-Crypt-DSA (2026-5cf57e43e3)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5cf57e43e3 advisory. This update, to the current upstream release, prevents key material reuse for multiple signing events CVE-2026-12205, CWE-323. Tenable has extracted the...
Debian dla-4641 : beets - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4641 advisory. Debian LTS Advisory DLA-4641-1 [email protected] https://www.debian.org/lts/security/...
Oracle Linux 9 : grafana-pcp (ELSA-2026-19351)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-19351 advisory. - Resolves RHEL-166679: CVE-2026-32282 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note th...
Photon OS 4.0: Rsync PHSA-2026-4.0-1038
An update of the rsync package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1038. The text itself is copyright (C) VMware, Inc.
AlmaLinux 9 : skopeo (ALSA-2026:28074)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28074 advisory. crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32281 crypto/tls: golang: Go crypto/tls:...
Oracle Linux 9 : grafana (ELSA-2026-19352)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19352 advisory. - Resolves RHEL-161803: CVE-2026-27877 - Resolves RHEL-166678: CVE-2026-32282 Tenable has extracted the preceding description block directly from the...
Fedora 43 : materialx (2026-85d5d5f493)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-85d5d5f493 advisory. New release version 1.39.5. See the change log. Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
RHEL 9 : .NET 8.0 (RHSA-2026:28227)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28227 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
AlmaLinux 9 : kernel (ALSA-2026:27789)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27789 advisory. kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in __inet_lookup_established CVE-2026-316...
Linux Distros Unpatched Vulnerability : CVE-2026-10645
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In...
AlmaLinux 9 : memcached (ALSA-2026:27862)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:27862 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the AlmaLinu...
Oracle Linux 9 : dnsmasq (ELSA-2026-19373)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19373 advisory. - Prevent overflow in extract_name function CVE-2026-2291 - Prevent DoS in DNSSEC validation CVE-2026-4890 - Prevent out-of-bounds read in DNSSEC...
Debian dla-4642 : u-boot - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4642 advisory. Debian LTS Advisory DLA-4642-1 [email protected]...
IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 XSS (7277546)
The version of IBM WebSphere Application Server running on the remote host is affected by a XSS vulnerability as referenced in the 7277546 advisory. - IBM WebSphere Application Server is affected by a cross-site scripting vulnerability in the administrative console login page. CWE: CWE-79: Improp...
IBM WebSphere Application Server 8.5.x < 8.5.5.31 / 9.x < 9.0.5.29 RCE (7277550)
The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7277550 advisory. - IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by an HTTP request smuggling vulnerabilit...
Debian dsa-6363 : python3-urllib3 - security update
The remote Debian 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6363 advisory. Debian Security Advisory DSA-6363-1 [email protected] https://www.debian.org/security/ Moritz...
RHEL 9 : Red Hat Ansible Automation Platform 2.6 Product Security Update (Critical) (RHSA-2026:28377)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28377 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...
Linux Distros Unpatched Vulnerability : CVE-2026-41423
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21,...
Oracle Linux 9 : nginx (ELSA-2026-19374)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19374 advisory. - Resolves: RHEL-176232 - nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 - RHEL-159560 CVE-2026-27654 nginx: NGINX: Denial of Service or...
Fedora 43 : yt-dlp (2026-03f87de373)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-03f87de373 advisory. - Update to 2026.06.09. Fixes rhbz2487407. - Mitigates CVE-2026-50019, CVE-2026-50023, CVE-2026-50574 Tenable has extracted the preceding descriptio...
Oracle Linux 9 : libsndfile (ELSA-2026-19610)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19610 advisory. 1.0.32-9.1 - apply patch for CVE-2026-37555 Resolves: RHEL-174543 Tenable has extracted the preceding description block directly from the Oracle Linux securit...
Oracle Linux 9 : fence-agents (ELSA-2026-13672)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-13672 advisory. - bundled cryptography: replace with dependency to fix CVE-2026-26007 Tenable has extracted the preceding description block directly from the Oracle...