CVEs

Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 329971 CVEs are indexed from NVD.

Search

Vulnerability Watch ›

  • CVE-2026-20045
    highVulnerability of Interest

    Cisco reports that attempted exploitation has been observed and this RCE has been rated as critical. Immediate patching is recommended

  • CVE-2025-64155
    criticalVulnerability of Interest

    Reports indicate that threat actors are actively exploiting this vulnerability. Apply the available patches as soon as possible.

  • CVE-2025-20393
    criticalVulnerability of Interest

    Exploitation has been reported and patches are now available. Immediate patching of this Cisco vulnerability is recommended.

  • CVE-2025-37164
    criticalVulnerability of Interest

    This HPE OneView RCE was assigned the maximum CVSS score of 10. Exploitation has been reported and a PoC has been released. Immediate patching is recommended.

  • CVE-2025-8110
    highVulnerability of Interest

    Zero-day exploitation has been observed. Refer to the vendor for further updates on patching and mitigation options

  • CVE-2025-59466
    mediumVulnerability Being Monitored

    We are monitoring a new denial of service (DoS) vulnerability that affects React Server, Next.js and many Application Performance Monitoring (APM) tools.

  • CVE-2026-0227
    highVulnerability Being Monitored

    Exploit code is reportedly available for this high severity denial of service vulnerability affecting PAN-OS Firewalls. Immediate patching is recommended.

  • CVE-2025-69258
    criticalVulnerability Being Monitored

    Patches have been released as well as exploit code for this Trend Micro Apex Central RCE. Immediate patching is recommended.

Newest ›

  • Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information tampering.

  • An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation.

  • Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows...

  • Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

  • Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...

  • Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything...

  • Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

  • Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd...

  • Missing Authorization vulnerability in Chandni Patel WP MapIt wp-mapit allows Exploiting...

  • Missing Authorization vulnerability in Select-Themes Prowess prowess allows Exploiting...

Updated ›

  • Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through < 3.1.

  • Missing Authorization vulnerability in Element Invader Element Invader &#8211; Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader &#8211; Template Kits for Elementor: from n/a through <= 1.2.4.

  • Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh merge-minify-refresh allows Cross Site Request Forgery.This issue affects Merge + Minify + Refresh: from n/a through <= 2.14.

  • Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Slider b-slider allows DOM-Based XSS.This issue affects B Slider: from n/a through <= 2.0.6.

  • Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2.

  • Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.0.

  • Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.3.

  • Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery.This issue affects RegistrationMagic: from n/a through <= 6.0.6.9.

  • Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.

  • Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.8.