Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 328670 CVEs are indexed from NVD.
Public exploit code has been released for this Fortinet FortiSIEM command injection vulnerability. Immediate patching is recommended as Fortinet devices are often targeted
This HPE OneView RCE was assigned the maximum CVSS score of 10. Exploitation has been reported by CISA and a PoC has been released. Immediate patching is recommended.
Zero-day exploitation has been observed. Refer to the vendor for further updates on patching and mitigation options
This improper authentication vulnerability affecting Fortinet devices is exploitable in certain configurations. Exploitation has been observed and patching is recommended.
We are monitoring a new denial of service (DoS) vulnerability that affects React Server, Next.js and many Application Performance Monitoring (APM) tools.
Patches have been released as well as exploit code for this Trend Micro Apex Central RCE. Immediate patching is recommended.
This RCE in n8n has received the maximum CVSS score of 10. Immediate patching is recommended.
This RCE in n8n has received the maximum CVSS score of 10. Immediate patching is recommended.
Public exploit code has been released. While no exploitation has been reported, immediate patching of this Cisco Identity Services Engine (ISE) flaw is recommended.
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.9.2. This makes it possible for unauthenticated attackers to delete arbitrary uploaded files when the "Send attachments as links" setting is enabled.
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Rejected reason: Not used
Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147 and Thunderbird < 147.