CVE-2026-42937
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...
CVE-2026-7561 Tm – WordPress Redirection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicio...
WordPress Tm – WordPress Redirection plugin <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Tm – WordPress Redirection versions <= 1.2...
SUSE CVE-2026-43191
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust PHY FSM transition to TXEN-to-PLLON for TMDS on DCN35. [Why] A backport of the change made for DCN401 that addresses an issue where we turn off the PHY PLL when disabling TMDS output, which causes the OTG to...
EPSON Printers Improper Authentication (CVE-2022-36133)
The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000548)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000548 advisory. The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists befor...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003700)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003700 advisory. In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004404)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004404 advisory. mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002353)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002353 advisory. The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists befor...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002167)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002167 advisory. The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists befor...
Malicious code in sonic-koig-tm (npm)
Source: amazon-inspector 1b70c5ad40f6211c37a16a7fee970f99a23120a6a4fd485a805f88d1187177ca. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Siemens SIMATIC Devices Incorrect Calculation of Buffer Size (CVE-2024-42259)
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation. Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consider the partial mapping offset. This can cau...
Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2024-26812)
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27047)
Vulnerability in Linux kernel: net: phy: phy_get_internal_delay accessing an empty array. The phy_get_internal_delay function could try to access an empty array in the case that the driver is calling phy_get_internal_delay without defining delay_values and rx-internal-delay-ps or tx-internal-delay-ps is...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27437)
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Disable auto-enable of exclusive INTx IRQ. Currently for devices requiring masking at the irqchip for INTx, i.e. devices without DisINTx support, the IRQ is enabled in request_irq() and subsequently disabled as necessary to...
Siemens SIMATIC Devices Exposure of Resource to Wrong Sphere (CVE-2024-36959)
In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map. If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrl_dt_free_maps includes the dropping operation, here we call it...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-42281)
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gso_size. Linearize the skb when downgrading gso_size because it may trigger a BUG_ON later when the skb is segmented as described in [1,2].
Siemens SIMATIC Devices Use After Free (CVE-2025-21858)
geneve: Fix use-after-free in geneve_find_dev
Siemens SIMATIC Devices Use After Free (CVE-2024-27395)
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit. Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read critical section, it is possible that the RCU grace period wil...
Siemens SIMATIC Devices Use of Uninitialized Resource (CVE-2025-21787)
team: better TEAM_OPTION_TYPE_STRING validation