411 matches found
CVE-2026-42937
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...
CVE-2026-7561 Tm – WordPress Redirection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicio...
WordPress Tm – WordPress Redirection plugin <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Tm – WordPress Redirection versions = 1.2...
SUSE CVE-2026-43191
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust PHY FSM transition to TXEN-to-PLLON for TMDS on DCN35 Why A backport of the change made for DCN401 that addresses an issue where we turn off the PHY PLL when disabling TMDS output, which causes the OTG to...
EPSON Printers Improper Authentication (CVE-2022-36133)
The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000548)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000548 advisory. The tmreclaimthread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists befor...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004404)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004404 advisory. mwifiextmcmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003700)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003700 advisory. In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002353)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002353 advisory. The tmreclaimthread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists befor...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002167)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002167 advisory. The tmreclaimthread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists befor...
Malicious code in sonic-koig-tm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b70c5ad40f6211c37a16a7fee970f99a23120a6a4fd485a805f88d1187177ca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-44960)
usb: gadget: core: Check for unset descriptor. It needs to be reassured that the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors a...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Missing Initialization of a Variable (CVE-2024-53101)
In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in fromkuid and fromkgid ocfs2setattr uses attr-iamode, attr-iauid and attr-iagid in a trace point even though ATTRMODE, ATTRUID and ATTRGID aren't set. Initialize all fields of newattrs to avoid...
Siemens SIMATIC Devices Improper Locking (CVE-2024-26643)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: mark set as dead when unbinding anonymous set with timeout This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...
Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2024-26812)
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if descripti...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Out-of-bounds Read (CVE-2024-49930)
wifi: ath11k: fix array out-of-bound access in SoC stats. Currently, the ath11ksocdpstats::halreoerror array is defined with a maximum size of DPREODSTRINGMAX. However, the ath11kdpprocessrx function access ath11ksocdpstats::halreoerror using the REO destination SRNG ring ID, which is incorrect...
Siemens SIMATIC Devices Out-of-bounds Write (CVE-2024-36916)
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes iocg-delay is shifted right by a number that is too large, resulting in undefined behavior on some architectures. 186.556576...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-42281)
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gsosize Linearize the skb when downgrading gsosize because it may trigger a BUGON later when the skb is segmented as described in 1,2. This plugin only works with Tenable.ot. Please visit...
Siemens SIMATIC Devices Integer Overflow or Wraparound (CVE-2024-58017)
printk: Fix signed integer overflow when defining LOGBUFLENMAX This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503397; scriptversion"1.2";...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-26651)
sr9800: Local Denial of Service Vulnerability. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503678; scriptversion"1.2";...