Detections
Analytics
CVEs
Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 328669 CVEs are indexed from NVD.
RSS Feeds
Search
Vulnerability Watch ›
CVE-2025-64155
criticalVulnerability of Interest
Public exploit code has been released for this Fortinet FortiSIEM command injection vulnerability. Immediate patching is recommended as Fortinet devices are often targeted
CVE-2025-37164
criticalVulnerability of Interest
This HPE OneView RCE was assigned the maximum CVSS score of 10. Exploitation has been reported by CISA and a PoC has been released. Immediate patching is recommended.
CVE-2025-8110
highVulnerability of Interest
Zero-day exploitation has been observed. Refer to the vendor for further updates on patching and mitigation options
CVE-2020-12812
criticalVulnerability of Interest
This improper authentication vulnerability affecting Fortinet devices is exploitable in certain configurations. Exploitation has been observed and patching is recommended.
CVE-2025-59466
highVulnerability Being Monitored
We are monitoring a new denial of service (DoS) vulnerability that affects React Server, Next.js and many Application Performance Monitoring (APM) tools.
CVE-2025-69258
criticalVulnerability Being Monitored
Patches have been released as well as exploit code for this Trend Micro Apex Central RCE. Immediate patching is recommended.
CVE-2026-21877
criticalVulnerability Being Monitored
This RCE in n8n has received the maximum CVSS score of 10. Immediate patching is recommended.
CVE-2026-21858
criticalVulnerability Being Monitored
This RCE in n8n has received the maximum CVSS score of 10. Immediate patching is recommended.
CVE-2026-20029
mediumVulnerability Being Monitored
Public exploit code has been released. While no exploitation has been reported, immediate patching of this Cisco Identity Services Engine (ISE) flaw is recommended.
Newest ›
CVE-2025-14448
medium
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-23582
No Score
Rejected reason: Not used
CVE-2026-23581
No Score
Rejected reason: Not used
CVE-2026-23580
No Score
Rejected reason: Not used
CVE-2026-23579
No Score
Rejected reason: Not used
CVE-2026-23578
No Score
Rejected reason: Not used
CVE-2026-23577
No Score
Rejected reason: Not used
CVE-2026-23576
No Score
Rejected reason: Not used
CVE-2026-23575
No Score
Rejected reason: Not used
CVE-2026-23574
No Score
Rejected reason: Not used
Updated ›
CVE-2026-23582
No Score
Rejected reason: Not used
CVE-2026-23581
No Score
Rejected reason: Not used
CVE-2026-23580
No Score
Rejected reason: Not used
CVE-2026-23579
No Score
Rejected reason: Not used
CVE-2026-23578
No Score
Rejected reason: Not used
CVE-2026-23577
No Score
Rejected reason: Not used
CVE-2026-23576
No Score
Rejected reason: Not used
CVE-2026-23575
No Score
Rejected reason: Not used
CVE-2026-23574
No Score
Rejected reason: Not used
CVE-2026-0547
medium
A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used.