Linux Distros Unpatched Vulnerability : CVE-2026-46292

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pmdomain: core: Fix detach procedure for virtual devices in genpd If a device is attached to a PM domain through genpddevpmattachbyid, genpd calls pmruntimeenab...

EulerOS 2.0 SP11 : python-virtualenv (EulerOS-SA-2026-2264)

According to the versions of the python-virtualenv packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use...

Linux Distros Unpatched Vulnerability : CVE-2026-42535

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path handling issue in moddavfs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially...

Fedora 44 : tailscale (2026-07897c0238)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-07897c0238 advisory. - update to 1.98.4 - Allow nftables to satisfy firewall dependency in lieu of iptables rhbz2453924 - Fix 45s timeout on shutdowns in certain cases...

OpenSSL 3.5.0 < 3.5.7 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.5.7. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.5.7 advisory. - Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification...

EulerOS 2.0 SP11 : cups (EulerOS-SA-2026-2199)

According to the versions of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a...

Fedora 44 : objfw (2026-729e540d74)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-729e540d74 advisory. Update to 1.5.5, containing many bug fixes, some also security related. Tenable has extracted the preceding description block directly from the Fedora securi...

EulerOS 2.0 SP11 : nghttp2 (EulerOS-SA-2026-2256)

According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...

EulerOS 2.0 SP11 : python-pyasn1 (EulerOS-SA-2026-2262)

According to the versions of the python-pyasn1 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from...

Linux Distros Unpatched Vulnerability : CVE-2026-41841

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0...

EulerOS 2.0 SP11 : libcap (EulerOS-SA-2026-2249)

According to the versions of the libcap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function...

Linux Distros Unpatched Vulnerability : CVE-2026-11645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...

Fedora 43 : mingw-objfw (2026-de23fedf3e)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-de23fedf3e advisory. Update to 1.5.5, containing many bug fixes, some also security related. Tenable has extracted the preceding description block directly from the Fedora securi...

Fedora 43 : objfw (2026-d1580bc2d5)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d1580bc2d5 advisory. Update to 1.5.5, containing many bug fixes, some also security related. Tenable has extracted the preceding description block directly from the Fedora securi...

FreeBSD : Unbound -- Multiple vulnerabilities (72e5b334-6365-11f1-8c57-000af7b98cf6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 72e5b334-6365-11f1-8c57-000af7b98cf6 advisory. NLnet Labs reports: This release consolidates security fixes for issues reported over a period...

KB5094122: Windows 10 Version 1607 / Windows Server 2016 Security Update (June 2026)

The remote Windows host is missing security update 5094122. It is, therefore, affected by multiple vulnerabilities - Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. CVE-2026-47291 - Heap-based buffer overflow in Remote Desktop...

EulerOS 2.0 SP11 : python-requests (EulerOS-SA-2026-2226)

According to the versions of the python-requests packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename...

Linux Distros Unpatched Vulnerability : CVE-2026-41845

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape may lead to JavaScript code injection in the browser, potentially resulting in a cross-si...

Linux Distros Unpatched Vulnerability : CVE-2026-46320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tap: free page on error paths in tapgetuserxdp tapgetuserxdp rejects a frame shorter than ETHHLEN with -EINVAL, and returns -ENOMEM when buildskb fails. Both...

KB5093998: Windows 11 version 23H2 Security Update (June 2026)

The remote Windows host is missing security update 5093998. It is, therefore, affected by multiple vulnerabilities - Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. CVE-2026-42909, CVE-2026-42913, CVE-2026-42985, CVE-2026-42992,...

EulerOS 2.0 SP11 : python-virtualenv (EulerOS-SA-2026-2227)

According to the versions of the python-virtualenv packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use...

Linux Distros Unpatched Vulnerability : CVE-2026-11698

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

Linux Distros Unpatched Vulnerability : CVE-2026-11787

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. The ldaputf8prev function reads bytes before the start of a buffer without bounds checking, causing a heap buffer...

Fedora 44 : exim (2026-78bf093219)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-78bf093219 advisory. This is an update fixing a pre-authentication information disclosure CVE-2026-48840. Tenable has extracted the preceding description block directly from the...

Linux Distros Unpatched Vulnerability : CVE-2026-42536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based Buffer Overflow vulnerability in Apache HTTP Server with modxml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: fro...

Linux Distros Unpatched Vulnerability : CVE-2026-11700

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a...

Linux Distros Unpatched Vulnerability : CVE-2026-46317

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: arm64: Reassign nestedmmus array behind mmulock kvm-arch.nestedmmus is walked under kvm-mmulock, including from the MMU notifier path kvmunmapgfnrange -...

Fedora 43 : firefox (2026-91bc662689)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-91bc662689 advisory. - New upstream release 151.0.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...

KB5094128: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (June 2026)

The remote Windows host is missing security update 5094128. It is, therefore, affected by multiple vulnerabilities - Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. CVE-2026-47291 - Heap-based buffer overflow in Remote Desktop...

Linux Distros Unpatched Vulnerability : CVE-2026-46315

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iouring/waitid: clear waitid info before copying it to userspace IORINGOPWAITID stores its result fields in struct iowaitid::info and later copies them to...

Adobe Reader < 26.001.21662 Multiple Vulnerabilities (APSB26-63)

The version of Adobe Reader installed on the remote Windows host is a version prior to 26.001.21662. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could resu...

Linux Distros Unpatched Vulnerability : CVE-2026-11699

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

Linux Distros Unpatched Vulnerability : CVE-2026-11678

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-41855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and...

Linux Distros Unpatched Vulnerability : CVE-2026-11671

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

Security Updates for Microsoft SharePoint Server 2016 (June 2026)

The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attack...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50305)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50305 advisory. - arm64: errata: Mitigate TLBI errata on various Arm CPUs Mark Rutland Orabug: 39017590 CVE-2025-10263 - net: skbuff: propagate shared-frag marker through...

Linux Distros Unpatched Vulnerability : CVE-2026-11623

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free...

Linux Distros Unpatched Vulnerability : CVE-2026-11668

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video...

Linux Distros Unpatched Vulnerability : CVE-2026-11701

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page...

EulerOS 2.0 SP11 : openssh (EulerOS-SA-2026-2257)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a...

Debian dla-4624 : libcrypto1.1-udeb - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4624 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4624-1 [email protected]...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2026:24761)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24761 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

Linux Distros Unpatched Vulnerability : CVE-2026-11673

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTM...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2026-2247)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : crypto: algifaead - Revert to operating out-of-placeCVE-2026-31431 nfsd: fix RELEASELOCKOWNERCVE-2024-26629 bonding: limit BONDMODE8023AD to...

EulerOS 2.0 SP11 : gdk-pixbuf2 (EulerOS-SA-2026-2241)

According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper...

Adobe InDesign < 20.5.4 / 21.0 < 21.4.0 Multiple Vulnerabilities (APSB26-58)

The version of Adobe InDesign installed on the remote Windows host is prior to 20.5.4, 21.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-58 advisory. - InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability...

Amazon Linux 2 : mesa, --advisory ALAS2-2026-3330 (ALAS-2026-3330)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3330 advisory. In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca...

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3348 (ALAS-2026-3348)

The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3348 advisory. The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively...

Amazon Linux 2 : qt5-qt3d, --advisory ALAS2-2026-3335 (ALAS-2026-3335)

The version of qt5-qt3d installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3335 advisory. Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in...