Detections
Analytics

CVEs

Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 325199 CVEs are indexed from NVD.

RSS Feeds

Search

Vulnerability Watch ›

  • CVE-2025-14733
    criticalVulnerability of Interest

    This RCE flaw affecting WatchGuard Firebox can be exploited in certain configurations. Exploitation has been observed and immediate patching is recommended.

  • CVE-2025-40602
    mediumVulnerability of Interest

    SonicWall SMA1000 appliances are affected by a privilege escalation flaw (CVE-2025-40602). When chained with CVE-2025-23006, code execution is possible. Exploitation has begun

  • CVE-2025-20393
    criticalVulnerability of Interest

    A Cisco Secure Email Gateway And Cisco Secure Email and Web Manager command injection flaw can be exploited in certain configurations, limited exploitation has been observed.

  • CVE-2025-59719
    criticalVulnerability of Interest

    Exploitation has been observed for this authentication bypass flaw. Immediate patching is recommended and access to the management interface should be restricted.

  • CVE-2025-59718
    criticalVulnerability of Interest

    Exploitation has been observed for this authentication bypass flaw. Immediate patching is recommended and access to the management interface should be restricted.

  • CVE-2025-23006
    criticalVulnerability of Interest

    SonicWall SMA1000 appliances are affected by a privilege escalation flaw (CVE-2025-40602). When chained with CVE-2025-23006, code execution is possible. Exploitation has begun

  • CVE-2025-68613
    criticalVulnerability Being Monitored

    Code execution is possible in some conditions. Immediate updating of the n8n automation platform is recommended.

  • CVE-2025-14847
    highVulnerability Being Monitored

    This critical severity RCE affecting MongoDB should be patched as soon as possible. Currently no known exploitation has been reported.

  • CVE-2025-37164
    criticalVulnerability Being Monitored

    This HPE OneView RCE was assigned the maximum CVSS score of 10. While no exploitation has been reported, immediate patching is recommended.

Newest ›

  • CVE-2025-67450
    high

    Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.

  • CVE-2025-59888
    medium

    Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.

  • CVE-2025-59887
    high

    Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.

  • CVE-2025-62578
    high

    DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information

  • CVE-2025-8075
    medium

    Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

  • CVE-2025-68946
    medium

    In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.

  • CVE-2025-52601
    medium

    Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

  • CVE-2025-52600
    medium

    Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input validation. This vulnerability could allow an attacker to execute specific commands on the user's host PC.The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

  • CVE-2025-52599
    medium

    Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

  • CVE-2025-52598
    medium

    Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

Updated ›

  • CVE-2025-8075
    medium

    Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

  • CVE-2025-68946
    medium

    In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.

  • CVE-2025-68945
    medium

    In Gitea before 1.21.2, an anonymous user can visit a private user's project.

  • CVE-2025-68944
    medium

    Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.

  • CVE-2025-68943
    medium

    Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.

  • CVE-2025-68942
    medium

    Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.

  • CVE-2025-68941
    medium

    Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.

  • CVE-2025-68940
    low

    In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.

  • CVE-2025-68939
    high

    Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.

  • CVE-2025-68938
    medium

    Gitea before 1.25.2 mishandles authorization for deletion of releases.