OpenSSL 3.4.0 < 3.4.6 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.4.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.4.6 advisory. - Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification...

Linux Distros Unpatched Vulnerability : CVE-2026-46324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftables: use listdelrcu for netlink hooks nftnetdevunregisterhooks and nftunregisterflowtablenethooks need to use listdelrcu, this list can be walke...

Linux Distros Unpatched Vulnerability : CVE-2026-41846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScrip...

Linux Distros Unpatched Vulnerability : CVE-2026-40982

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud- config-server module. A malicious user, or attacker,...

Linux Distros Unpatched Vulnerability : CVE-2026-29167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

Linux Distros Unpatched Vulnerability : CVE-2026-11786

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during...

EulerOS 2.0 SP11 : libssh (EulerOS-SA-2026-2214)

According to the versions of the libssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in...

EulerOS 2.0 SP11 : libtiff (EulerOS-SA-2026-2253)

According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile...

Linux Distros Unpatched Vulnerability : CVE-2026-11789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted passwor...

Linux Distros Unpatched Vulnerability : CVE-2026-11644

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension to execute...

Linux Distros Unpatched Vulnerability : CVE-2026-46311

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes...

Linux Distros Unpatched Vulnerability : CVE-2026-46327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm: fix unlocked test for dmsuspendedmd The function dmblkreportzones tests if the device is suspended with the dmsuspendedmd call. However, this function is...

Linux Distros Unpatched Vulnerability : CVE-2026-11646

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in ViewTransitions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HT...

Linux Distros Unpatched Vulnerability : CVE-2026-11635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-11631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-41848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or...

Linux Distros Unpatched Vulnerability : CVE-2026-11655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially...

Adobe Acrobat < 24.001.30383 / 26.001.21662 Multiple Vulnerabilities (APSB26-63)

The version of Adobe Acrobat installed on the remote Windows host is a version prior to 24.001.30383 or 26.001.21662. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerabilit...

Linux Distros Unpatched Vulnerability : CVE-2025-9957

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain...

MiracleLinux 8 : compat-openssl10-1.0.2o-4.el8_10.2 (AXSA:2026-770:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-770:01 advisory. openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing CVE-2026-28390 Tenable has extracted the preceding...

Security Updates for Microsoft SharePoint Server 2019 (June 2026)

The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attack...

EulerOS 2.0 SP11 : pyOpenSSL (EulerOS-SA-2026-2224)

According to the versions of the pyOpenSSL packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback t...

Linux Distros Unpatched Vulnerability : CVE-2026-41850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a...

Veeam Service Provider Console < 9.2.1.33875 (kb4856)

The version of Veeam Service Provider Console installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the kb4856 advisory. - This vulnerability in Veeam Service Provider Console allows for remote code execution. CVE-2026-32998 Note...

Linux Distros Unpatched Vulnerability : CVE-2026-34356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie This issue affects Apache HTTP Server:...

Linux Distros Unpatched Vulnerability : CVE-2026-41853

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 throug...

Linux Distros Unpatched Vulnerability : CVE-2026-11790

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored...

Linux Distros Unpatched Vulnerability : CVE-2026-46325

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGESIZE The current implementation incorrectly handles memory regions MRs with page sizes different fr...

Linux Distros Unpatched Vulnerability : CVE-2026-46294

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm: fix a buffer overflow in ioctl processing Tony Asleson using Claude found a buffer overflow in dm- ioctl in the function retrievestatus: 1. The code in...

EulerOS 2.0 SP11 : mesa (EulerOS-SA-2026-2217)

According to the versions of the mesa packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an...

Linux Distros Unpatched Vulnerability : CVE-2026-11785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed ...

Linux Distros Unpatched Vulnerability : CVE-2026-29170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory...

RHEL 10 : yggdrasil (RHSA-2026:24716)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24716 advisory. yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate chil...

Linux Distros Unpatched Vulnerability : CVE-2026-11649

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2026-2209)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : crypto: algifaead - Revert to operating out-of-placeCVE-2026-31431 nfsd: fix RELEASELOCKOWNERCVE-2024-26629 bonding: limit BONDMODE8023AD to...

RHEL 8 : thunderbird (RHSA-2026:24717)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:24717 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Memory safety bugs fixed in Firefox ES...

EulerOS 2.0 SP11 : mesa (EulerOS-SA-2026-2254)

According to the versions of the mesa packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an...

Linux Distros Unpatched Vulnerability : CVE-2026-11656

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension to potentiall...

EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-2251)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in th...

Linux Distros Unpatched Vulnerability : CVE-2026-44185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: fro...

Linux Distros Unpatched Vulnerability : CVE-2026-41847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48...

Linux Distros Unpatched Vulnerability : CVE-2026-41849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially...

EulerOS 2.0 SP11 : gdk-pixbuf2 (EulerOS-SA-2026-2203)

According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper...

MiracleLinux 8 : frr-7.5.1-24.el8_10 (AXSA:2026-771:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-771:01 advisory. frr: denial of service via crafted FlowSpec component CVE-2026-37457 Tenable has extracted the preceding description block directly from the MiracleLinux...

Linux Distros Unpatched Vulnerability : CVE-2026-46291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at...

Linux Distros Unpatched Vulnerability : CVE-2026-11697

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via ...

KB5094123: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2026)

The remote Windows host is missing security update 5094123. It is, therefore, affected by multiple vulnerabilities - Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. CVE-2026-47291 - Heap-based buffer overflow in Remote Desktop...

Linux Distros Unpatched Vulnerability : CVE-2026-11643

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium...

RHEL 9 : thunderbird (RHSA-2026:24846)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:24846 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Memory safety bugs fixed in Firefox ES...

RHEL 9 : krb5 (RHSA-2026:24686)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24686 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending password...