Detections
Analytics

CVEs

Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 320059 CVEs are indexed from NVD.

RSS Feeds

Search

Vulnerability Watch ›

  • CVE-2025-58034
    highVulnerability of Interest

    Exploitation of this Fortinet FortiWeb vulnerability has been observed. Patches have been released and should be applied as soon as possible.

  • CVE-2025-64446
    criticalVulnerability of Interest

    Exploitation of this Fortinet FortiWeb vulnerability has been observed. Patches have been released and should be applied as soon as possible.

  • CVE-2025-61757
    criticalVulnerability of Interest

    Exploitation of this Oracle Identity Manager remote code execution vulnerability has been observed. Immediate patching is recommended.

  • CVE-2025-20362
    highVulnerability of Interest

    CISA has released updated patch guidance and urges immediate patching for these Cisco vulnerabilities which have been exploited in the wild.

  • CVE-2025-20333
    criticalVulnerability of Interest

    CISA has released updated patch guidance and urges immediate patching for these Cisco vulnerabilities which have been exploited in the wild.

  • CVE-2025-41115
    criticalVulnerability Being Monitored

    This maximum severity flaw affecting Grafana could allow for privilege escalation. Immediate patching is recommended.

  • CVE-2025-60673
    mediumVulnerability Being Monitored

    While these D-Link flaws have not been exploited, they impact end of life devices. No patches will be released and affected models should be replaced with supported devices

  • CVE-2025-60672
    mediumVulnerability Being Monitored

    While these D-Link flaws have not been exploited, they impact end of life devices. No patches will be released and affected models should be replaced with supported devices

Newest ›

  • CVE-2025-66187
    No Score

    Rejected reason: Not used

  • CVE-2025-66186
    No Score

    Rejected reason: Not used

  • CVE-2025-66185
    No Score

    Rejected reason: Not used

  • CVE-2025-66184
    No Score

    Rejected reason: Not used

  • CVE-2025-66183
    No Score

    Rejected reason: Not used

  • CVE-2025-66182
    No Score

    Rejected reason: Not used

  • CVE-2025-66181
    No Score

    Rejected reason: Not used

  • CVE-2025-66180
    No Score

    Rejected reason: Not used

  • CVE-2025-66179
    No Score

    Rejected reason: Not used

  • CVE-2025-10646
    medium

    The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient capability check on the Base::get_rest_permission() method in all versions up to, and including, 2.5.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify plugin settings, such as adding arbitrary posts to the search exclusion list.

Updated ›

  • CVE-2025-9803
    critical

    lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' (audience) field in the access token issued by Google, which is crucial for ensuring the token is intended for the application. This oversight allows attackers to use tokens issued to malicious applications to gain unauthorized access to user accounts. The issue is resolved in version 1.9.35.

  • CVE-2025-66187
    No Score

    Rejected reason: Not used

  • CVE-2025-66186
    No Score

    Rejected reason: Not used

  • CVE-2025-66185
    No Score

    Rejected reason: Not used

  • CVE-2025-66184
    No Score

    Rejected reason: Not used

  • CVE-2025-66183
    No Score

    Rejected reason: Not used

  • CVE-2025-66182
    No Score

    Rejected reason: Not used

  • CVE-2025-66181
    No Score

    Rejected reason: Not used

  • CVE-2025-66180
    No Score

    Rejected reason: Not used

  • CVE-2025-66179
    No Score

    Rejected reason: Not used