Oracle Linux 9 : .NET / 8.0 (ELSA-2026-25220)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25220 advisory. 8.0.128-1.0.1 - Add support for Oracle Linux 8.0.128-1 - Update to .NET SDK 8.0.128 and Runtime 8.0.28 - Resolves: RHEL-181055 8.0.127-1 - Update to...

Oracle Linux 9 : unbound (ELSA-2026-24369)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-24369 advisory. - Fix CVE-2026-33278 RHEL-177822 Fix CVE-2026-42944 RHEL-177936 Fix CVE-2026-42959 RHEL-177797 Tenable has extracted the preceding description block...

Linux Distros Unpatched Vulnerability : CVE-2026-50023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary...

Linux Distros Unpatched Vulnerability : CVE-2025-61018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the sqloplacedtset component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

RHEL 8 : libpng12 (RHSA-2026:29018)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:29018 advisory. The libpng12 package provides libpng 1.2, which is the previous version of the libpng library for manipulating PNG Portable Network Graphics image...

Linux Distros Unpatched Vulnerability : CVE-2026-8932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - curl - None CVE-2026-8932 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, Inc...

RockyLinux 9 : libpng (RLSA-2026:28255)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:28255 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service...

AlmaLinux 9 : tigervnc (ALSA-2026:19342)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:19342 advisory. xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling CVE-2026-33999 xwayland: xorg: X.Org X server:...

Linux Distros Unpatched Vulnerability : CVE-2025-61023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the stcompare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

Linux Distros Unpatched Vulnerability : CVE-2025-61024

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the sqlotryinloop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

Oracle Linux 9 : python3.9 (ELSA-2026-18693)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18693 advisory. - Security fixes for CVE-2026-4786 and CVE-2026-6100 Resolves: RHEL-167919, RHEL-168161 - Security fix for CVE-2026-4519 Resolves: RHEL-158117 Tenable has...

AlmaLinux 10 : python3.14 (ALSA-2026:28581)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28581 advisory. python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open API CVE-2026-4786 python: Python: Cross-Site Scripting XSS...

AlmaLinux 10 : libpng (ALSA-2026:28233)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28233 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service...

AlmaLinux 10 : postgresql16 (ALSA-2026:27743)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27743 advisory. postgresql: PostgreSQL: Operating system account hijack via symlink following in pgbasebackup and pgrewind CVE-2026-6475 postgresql: PostgreSQL libpq:...

Oracle Linux 8 : postgresql:16 (ELSA-2026-28143)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-28143 advisory. pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3636 pgrepack 1.5.1-1 - Update to 1.5.1...

AlmaLinux 8 : redis:6 (ALSA-2026:26008)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:26008 advisory. redis: RESTORE invalid memory access may allow remote code execution CVE-2026-25243 Tenable has extracted the preceding description block directly from the...

AlmaLinux 8 : libpq (ALSA-2026:27738)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27738 advisory. postgresql: PostgreSQL: Operating system account hijack via symlink following in pgbasebackup and pgrewind CVE-2026-6475 postgresql: PostgreSQL libpq:...

AlmaLinux 9 : postgresql (ALSA-2026:27741)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27741 advisory. postgresql: PostgreSQL: Operating system account hijack via symlink following in pgbasebackup and pgrewind CVE-2026-6475 postgresql: PostgreSQL libpq:...

RockyLinux 10 : xorg-x11-server-Xwayland (RLSA-2026:26566)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26566 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

RockyLinux 8 : postgresql:12 (RLSA-2026:28999)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:28999 advisory. postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an...

RockyLinux 10 : postgresql16 (RLSA-2026:27743)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27743 advisory. postgresql: PostgreSQL: Operating system account hijack via symlink following in pgbasebackup and pgrewind CVE-2026-6475 postgresql: PostgreSQL libpq:...

Debian dla-4646 : libecpg-compat3 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4646 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4646-1 [email protected]...

Oracle Linux 8 : tigervnc (ELSA-2026-28923)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-28923 advisory. 1.15.0-10 - Rebuild for updated xorg-x11-server Resolves: RHEL-183998 Tenable has extracted the preceding description block directly from the Oracle...

Google Chrome < 149.0.7827.196 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 149.0.7827.196. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop0482630350 advisory. - Use after free in Autofill. CVE-2026-13038 - Use after free in WebG...

RockyLinux 8 : libpq (RLSA-2026:27738)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27738 advisory. postgresql: PostgreSQL: Operating system account hijack via symlink following in pgbasebackup and pgrewind CVE-2026-6475 postgresql: PostgreSQL libpq:...

AlmaLinux 8 : postgresql:16 (ALSA-2026:28143)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28143 advisory. postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an...

RockyLinux 10 : postgresql18 (RLSA-2026:27742)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27742 advisory. postgresql: PostgreSQL: Operating system account hijack via symlink following in pgbasebackup and pgrewind CVE-2026-6475 postgresql: PostgreSQL libpq:...

RHEL 8 : tigervnc (RHSA-2026:28923)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28923 advisory. Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine...

AlmaLinux 8 : postgresql:13 (ALSA-2026:28208)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28208 advisory. postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 Tenable has extracted the preceding description blo...

RHEL 9 : libxslt (RHSA-2026:28243)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28243 advisory. libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the underlyi...

RockyLinux 9 : libxslt (RLSA-2026:28243)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:28243 advisory. libxslt: use-after-free with key data stored cross-RVT CVE-2025-10911 Tenable has extracted the preceding description block directly from the RockyLinux security...

Oracle Linux 8 : libpq (ELSA-2026-27738)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27738 advisory. - Backport fixes for CVE-2026-6478, CVE-2026-6637, CVE-2026-6477, CVE-2026-6475, CVE-2026-6473 from PostgreSQL 14.23 Tenable has extracted the precedi...

Google Chrome < 149.0.7827.196 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 149.0.7827.196. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop0482630350 advisory. - Use after free in Autofill. CVE-2026-13038 - Use after free in...

Oracle Linux 9 : redis:7 (ELSA-2026-25219)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25219 advisory. 7.2.14-1.0.1 - Build with 64k pages to support redis on UEK on aarch64 7.2.14-1 - rebase to 7.2.14 for CVE-2026-23479 CVE-2026-25243 CVE-2026-23631...

RHEL 8 : postgresql:12 (RHSA-2026:28999)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28999 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery vi...

AlmaLinux 10 : libxslt (ALSA-2026:28584)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28584 advisory. libxslt: use-after-free with key data stored cross-RVT CVE-2025-10911 Tenable has extracted the preceding description block directly from the AlmaLinux security...

RHEL 10 : libxslt (RHSA-2026:28584)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28584 advisory. libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the...

Oracle Linux 8 : nginx:1.24 (ELSA-2026-28921)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-28921 advisory. - Resolves: RHEL-178676 - nginx:1.24/nginx: code execution and denial of service CVE-2026-9256 - Resolves: RHEL-176224 - nginx:1.24/nginx: NGINX: Arbitrary Cod...

Photon OS 5.0: Fuse3 PHSA-2026-5.0-0860

An update of the fuse3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0860. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Fedora 44 : perl-Crypt-DSA (2026-f4a6b0c635)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f4a6b0c635 advisory. This update, to the current upstream release, prevents key material reuse for multiple signing events CVE-2026-12205, CWE-323. Tenable has extracted the...

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 RCE (7277544)

The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7277544 advisory. - IBM WebSphere Application Server is affected by a remote code execution vulnerability in the SOAP/JMX connector. CWE: CWE-502:...

Linux Distros Unpatched Vulnerability : CVE-2025-71319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a...

IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.7 (7277536)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7277536 advisory. - IBM WebSphere Application Server Liberty is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled. CWE:...

Oracle Linux 9 : gimp (ELSA-2026-19362)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19362 advisory. - fix CVE-2026-4150 - align with Y-stream - fix CVE-2026-4151 - fix CVE-2026-4152 - fix CVE-2026-4153 - fix CVE-2026-4154 - fix CVE-2026-4887 - fix...

Fedora 43 : chromium (2026-f9a0af40b2)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f9a0af40b2 advisory. Update to 149.0.7827.155 CVE-2026-12437: Use after free in WebShare CVE-2026-12438: Inappropriate implementation in WebView CVE-2026-12439: Use afte...

Fedora 44 : frr / grout (2026-28949d21e5)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-28949d21e5 advisory. New version of frr and grout. I am keeping libyang to version 3 at the moment due to recommendations from...

Fedora 43 : materialx (2026-85d5d5f493)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-85d5d5f493 advisory. New release version 1.39.5. See the change log. Tenable has extracted the preceding description block directly from the Fedora security advisory. No...

Oracle Linux 9 : jmc (ELSA-2026-20568)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-20568 advisory. 8.2.0-5 - Remove the websocket plugin. Related: RHEL-168615 8.2.0-4 - Bump LZ4 Version to 1.10.2. Related: RHEL-135478 Tenable has extracted the...

Linux Distros Unpatched Vulnerability : CVE-2026-44889

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an ope...

Fedora 43 : coturn (2026-c42d951aad)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c42d951aad advisory. Coturn 4.13.1 What's in this release - Security fixes What's Changed - Null-terminate servername in stunischallengeresponsestr - Canonicalize all...