CVEs

Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 325309 CVEs are indexed from NVD.

Search

Vulnerability Watch ›

  • CVE-2025-14733
    criticalVulnerability of Interest

    This RCE flaw affecting WatchGuard Firebox can be exploited in certain configurations. Exploitation has been observed and immediate patching is recommended.

  • CVE-2025-40602
    mediumVulnerability of Interest

    SonicWall SMA1000 appliances are affected by a privilege escalation flaw (CVE-2025-40602). When chained with CVE-2025-23006, code execution is possible. Exploitation has begun

  • CVE-2025-20393
    criticalVulnerability of Interest

    A Cisco Secure Email Gateway And Cisco Secure Email and Web Manager command injection flaw can be exploited in certain configurations, limited exploitation has been observed.

  • CVE-2025-59719
    criticalVulnerability of Interest

    Exploitation has been observed for this authentication bypass flaw. Immediate patching is recommended and access to the management interface should be restricted.

  • CVE-2025-59718
    criticalVulnerability of Interest

    Exploitation has been observed for this authentication bypass flaw. Immediate patching is recommended and access to the management interface should be restricted.

  • CVE-2025-23006
    criticalVulnerability of Interest

    SonicWall SMA1000 appliances are affected by a privilege escalation flaw (CVE-2025-40602). When chained with CVE-2025-23006, code execution is possible. Exploitation has begun

  • CVE-2020-12812
    criticalVulnerability of Interest

    This improper authentication vulnerability affecting Fortinet devices is exploitable in certain configurations. Exploitation has been observed and patching is recommended.

  • CVE-2025-68613
    criticalVulnerability Being Monitored

    Code execution is possible in some conditions. Immediate updating of the n8n automation platform is recommended.

  • CVE-2025-14847
    highVulnerability Being Monitored

    This critical severity RCE affecting MongoDB should be patched as soon as possible. Currently no known exploitation has been reported.

  • CVE-2025-37164
    criticalVulnerability Being Monitored

    This HPE OneView RCE was assigned the maximum CVSS score of 10. While no exploitation has been reported, immediate patching is recommended.

Newest ›

  • A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the...

  • A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this...

  • Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability...

  • Improper Authentication vulnerability in Gmission Web Fax allows Privilege Escalation.This issue...

  • Missing Authorization vulnerability in Gmission Web Fax allows Privilege Abuse, Session...

  • The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some...

  • The Plugin Organizer WordPress plugin before 10.2.4 does not sanitize and escape a parameter...

  • A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The project was informed of the problem early through an issue report but has not responded yet.

  • A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited. The project was informed of the problem early through an issue report but has not responded yet.

  • A vulnerability was identified in SohuTV CacheCloud up to 3.2.0. This affects the function index of the file src/main/java/com/sohu/cache/web/controller/ServerController.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Updated ›

  • Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

  • A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The project was informed of the problem early through an issue report but has not responded yet.

  • A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited. The project was informed of the problem early through an issue report but has not responded yet.

  • A vulnerability was identified in SohuTV CacheCloud up to 3.2.0. This affects the function index of the file src/main/java/com/sohu/cache/web/controller/ServerController.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

  • A security vulnerability has been detected in Advaya Softech GEMS ERP Portal up to 2.1. This affects an unknown part of the file /home.jsp?isError=true of the component Error Message Handler. The manipulation of the argument Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

  • A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected by this issue is some unknown functionality of the file /admin/editsite.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

  • A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

  • A vulnerability was determined in itsourcecode Online Cake Ordering System 1.0. This impacts an unknown function of the file /detailtransac.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

  • A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.

  • A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.