Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 328500 CVEs are indexed from NVD.
This HPE OneView RCE was assigned the maximum CVSS score of 10. Exploitation has been reported by CISA and a PoC has been released. Immediate patching is recommended.
Zero-day exploitation has been observed. Refer to the vendor for further updates on patching and mitigation options.
This improper authentication vulnerability affecting Fortinet devices is exploitable in certain configurations. Exploitation has been observed and patching is recommended.
We are monitoring a new denial of service (DoS) vulnerability that affects React Server, Next.js and many Application Performance Monitoring (APM) tools.
Patches have been released as well as exploit code for this Trend Micro Apex Central RCE. Immediate patching is recommended.
This RCE in n8n has received the maximum CVSS score of 10. Immediate patching is recommended.
This RCE in n8n has received the maximum CVSS score of 10. Immediate patching is recommended.
Public exploit code has been released. While no exploitation has been reported, immediate patching of this Cisco Identity Services Engine (ISE) flaw is recommended.
The SearchWiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles...
The Real Post Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's...
The AJS Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for...
The Gotham Block Extra Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
The Gotham Block Extra Light plugin for WordPress is vulnerable to Arbitrary File Read in all...
The Netcash WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized...
The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine.
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Error object retains its host realm prototype chain, which can be traversed to reach the host Function constructor. An attacker can intentionally trigger a host error, then climb the prototype chain. Using the host Function constructor, arbitrary JavaScript can be compiled and executed in the host context, fully bypassing the sandbox and granting access to sensitive resources such as process.env, filesystem, and network. This breaks enclave-vm’s core security guarantee of isolating untrusted code. This vulnerability is fixed in 2.7.0.
Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Multi-thread race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability.
Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function.
Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability.
Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.