CVE-2026-42937

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...

CVE-2026-7561 Tm – WordPress Redirection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

WordPress Tm – WordPress Redirection plugin <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Tm – WordPress Redirection versions = 1.2...

SUSE CVE-2026-43191

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust PHY FSM transition to TXEN-to-PLLON for TMDS on DCN35 Why A backport of the change made for DCN401 that addresses an issue where we turn off the PHY PLL when disabling TMDS output, which causes the OTG to...

EPSON Printers Improper Authentication (CVE-2022-36133)

The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000548)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000548 advisory. The tmreclaimthread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists befor...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003700)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003700 advisory. In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004404)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004404 advisory. mwifiextmcmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002167)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002167 advisory. The tmreclaimthread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists befor...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002353)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002353 advisory. The tmreclaimthread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists befor...

Malicious code in sonic-koig-tm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b70c5ad40f6211c37a16a7fee970f99a23120a6a4fd485a805f88d1187177ca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-26651)

sr9800: Local Denial of Service Vulnerability. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503678; scriptversion"1.2";...

Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2025-21844)

smb: client: Add check for nextbuffer in receiveencryptedstandard This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503639; scriptversion"1.2";...

Siemens SIMATIC Devices Use of Uninitialized Resource (CVE-2025-21787)

team: better TEAMOPTIONTYPESTRING validation This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503529; scriptversion"1.2";...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27047)

Vulnerablity in Linux kernel: net: phy: phygetinternaldelay accessing an empty array The phygetinternaldelay function could try to access to an empty array in the case that the driver is calling phygetinternaldelay without defining delayvalues and rx-internal- delay-ps or tx-internal-delay-ps is...

Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2024-36902)

Vulnerability in Linux kernel: ipv6: fib6rules: avoid possible NULL dereference in fib6ruleaction syzbot is able to trigger the following crash 1, caused by unsafe ip6dstidev use. Indeed ip6dstidev can return NULL, and must always be checked. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC Devices Use After Free (CVE-2025-21761)

openvswitch: use RCU protection in ovsvportcmdfillinfo This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503450; scriptversion"1.2";...

Siemens SIMATIC Devices Improper Validation of Array Index (CVE-2024-35813)

In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access Commit 4d0c8d0aef63 mmc: core: Use mrq.sbc in close-ended ffu assigns previdata = idatasi - 1, but doesn't check that the iterator i is greater than zero. Let's fix this by adding...

Siemens SIMATIC Devices Improper Locking (CVE-2024-26643)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: mark set as dead when unbinding anonymous set with timeout This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Uncontrolled Resource Consumption (CVE-2024-47710)

sockmap: vulnerability result of adding a condresched in sockhashfree to prevent CPU soft lockups when destroying maps with a large number of buckets. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...