CVEs

Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 328669 CVEs are indexed from NVD.

Search

Vulnerability Watch ›

  • CVE-2025-64155
    criticalVulnerability of Interest

    Public exploit code has been released for this Fortinet FortiSIEM command injection vulnerability. Immediate patching is recommended as Fortinet devices are often targeted

  • CVE-2025-37164
    criticalVulnerability of Interest

    This HPE OneView RCE was assigned the maximum CVSS score of 10. Exploitation has been reported by CISA and a PoC has been released. Immediate patching is recommended.

  • CVE-2025-8110
    highVulnerability of Interest

    Zero-day exploitation has been observed. Refer to the vendor for further updates on patching and mitigation options

  • CVE-2020-12812
    criticalVulnerability of Interest

    This improper authentication vulnerability affecting Fortinet devices is exploitable in certain configurations. Exploitation has been observed and patching is recommended.

  • CVE-2025-59466
    highVulnerability Being Monitored

    We are monitoring a new denial of service (DoS) vulnerability that affects React Server, Next.js and many Application Performance Monitoring (APM) tools.

  • CVE-2025-69258
    criticalVulnerability Being Monitored

    Patches have been released as well as exploit code for this Trend Micro Apex Central RCE. Immediate patching is recommended.

  • CVE-2026-21877
    criticalVulnerability Being Monitored

    This RCE in n8n has received the maximum CVSS score of 10. Immediate patching is recommended.

  • CVE-2026-21858
    criticalVulnerability Being Monitored

    This RCE in n8n has received the maximum CVSS score of 10. Immediate patching is recommended.

  • CVE-2026-20029
    mediumVulnerability Being Monitored

    Public exploit code has been released. While no exploitation has been reported, immediate patching of this Cisco Identity Services Engine (ISE) flaw is recommended.

Newest ›

  • The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

Updated ›

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used.