Detections
Analytics

CVEs

Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 329462 CVEs are indexed from NVD.

RSS Feeds

Search

Vulnerability Watch ›

  • CVE-2025-64155
    criticalVulnerability of Interest

    Reports indicate that threat actors are actively exploiting this vulnerability. Apply the available patches as soon as possible.

  • CVE-2025-20393
    criticalVulnerability of Interest

    Exploitation has been reported and patches are now available. Immediate patching of this Cisco vulnerability is recommended.

  • CVE-2025-37164
    criticalVulnerability of Interest

    This HPE OneView RCE was assigned the maximum CVSS score of 10. Exploitation has been reported and a PoC has been released. Immediate patching is recommended.

  • CVE-2025-8110
    highVulnerability of Interest

    Zero-day exploitation has been observed. Refer to the vendor for further updates on patching and mitigation options

  • CVE-2025-59466
    mediumVulnerability Being Monitored

    We are monitoring a new denial of service (DoS) vulnerability that affects React Server, Next.js and many Application Performance Monitoring (APM) tools.

  • CVE-2026-0227
    highVulnerability Being Monitored

    Exploit code is reportedly available for this high severity denial of service vulnerability affecting PAN-OS Firewalls. Immediate patching is recommended.

  • CVE-2025-69258
    criticalVulnerability Being Monitored

    Patches have been released as well as exploit code for this Trend Micro Apex Central RCE. Immediate patching is recommended.

  • CVE-2026-21858
    criticalVulnerability Being Monitored

    This RCE in n8n has received the maximum CVSS score of 10. Immediate patching is recommended.

  • CVE-2026-20029
    mediumVulnerability Being Monitored

    Public exploit code has been released. While no exploitation has been reported, immediate patching of this Cisco Identity Services Engine (ISE) flaw is recommended.

Newest ›

  • CVE-2026-1290
    medium

    Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified impact.This issue affects Jamf Pro: from 11.20 through 11.24.

  • CVE-2025-70651
    high

    Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-70645
    high

    Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-13878
    high

    Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.

  • CVE-2025-14083
    high

    A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.

  • CVE-2026-0663
    medium

    Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint.

  • CVE-2025-14559
    medium

    A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the...

  • CVE-2026-24016
    high

    The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.

  • CVE-2026-24061
    critical

    telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

  • CVE-2026-1035
    low

    A flaw was found in the Keycloak server during refresh token processing, specifically in the...

Updated ›

  • CVE-2026-24061
    critical

    telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

  • CVE-2026-24026
    No Score

    Rejected reason: Not used

  • CVE-2026-24025
    No Score

    Rejected reason: Not used

  • CVE-2026-24024
    No Score

    Rejected reason: Not used

  • CVE-2026-24023
    No Score

    Rejected reason: Not used

  • CVE-2026-24022
    No Score

    Rejected reason: Not used

  • CVE-2026-24021
    No Score

    Rejected reason: Not used

  • CVE-2026-24020
    No Score

    Rejected reason: Not used

  • CVE-2026-24016
    high

    The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.

  • CVE-2026-21984
    high

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).