Detections
Analytics

CVEs

Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 329971 CVEs are indexed from NVD.

RSS Feeds

Search

Vulnerability Watch ›

  • CVE-2026-20045
    highVulnerability of Interest

    Cisco reports that attempted exploitation has been observed and this RCE has been rated as critical. Immediate patching is recommended

  • CVE-2025-64155
    criticalVulnerability of Interest

    Reports indicate that threat actors are actively exploiting this vulnerability. Apply the available patches as soon as possible.

  • CVE-2025-20393
    criticalVulnerability of Interest

    Exploitation has been reported and patches are now available. Immediate patching of this Cisco vulnerability is recommended.

  • CVE-2025-37164
    criticalVulnerability of Interest

    This HPE OneView RCE was assigned the maximum CVSS score of 10. Exploitation has been reported and a PoC has been released. Immediate patching is recommended.

  • CVE-2025-8110
    highVulnerability of Interest

    Zero-day exploitation has been observed. Refer to the vendor for further updates on patching and mitigation options

  • CVE-2025-59466
    mediumVulnerability Being Monitored

    We are monitoring a new denial of service (DoS) vulnerability that affects React Server, Next.js and many Application Performance Monitoring (APM) tools.

  • CVE-2026-0227
    highVulnerability Being Monitored

    Exploit code is reportedly available for this high severity denial of service vulnerability affecting PAN-OS Firewalls. Immediate patching is recommended.

  • CVE-2025-69258
    criticalVulnerability Being Monitored

    Patches have been released as well as exploit code for this Trend Micro Apex Central RCE. Immediate patching is recommended.

Newest ›

  • CVE-2026-22279
    medium

    Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information tampering.

  • CVE-2025-66428
    high

    An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation.

  • CVE-2026-24388
    critical

    Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows...

  • CVE-2026-24389
    medium

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

  • CVE-2026-24377
    high

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...

  • CVE-2026-24371
    critical

    Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything...

  • CVE-2026-24354
    medium

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

  • CVE-2026-22481
    critical

    Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd...

  • CVE-2026-22466
    high

    Missing Authorization vulnerability in Chandni Patel WP MapIt wp-mapit allows Exploiting...

  • CVE-2026-22447
    high

    Missing Authorization vulnerability in Select-Themes Prowess prowess allows Exploiting...

Updated ›

  • CVE-2026-24390
    critical

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through < 3.1.

  • CVE-2026-24386
    high

    Missing Authorization vulnerability in Element Invader Element Invader &#8211; Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader &#8211; Template Kits for Elementor: from n/a through <= 1.2.4.

  • CVE-2026-24384
    high

    Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh merge-minify-refresh allows Cross Site Request Forgery.This issue affects Merge + Minify + Refresh: from n/a through <= 2.14.

  • CVE-2026-24383
    medium

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Slider b-slider allows DOM-Based XSS.This issue affects B Slider: from n/a through <= 2.0.6.

  • CVE-2026-24381
    critical

    Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2.

  • CVE-2026-24380
    high

    Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.0.

  • CVE-2026-24379
    critical

    Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.3.

  • CVE-2026-24374
    high

    Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery.This issue affects RegistrationMagic: from n/a through <= 6.0.6.9.

  • CVE-2026-24368
    high

    Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.

  • CVE-2026-24367
    critical

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.8.