Detections
Analytics
CVEs
Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 328670 CVEs are indexed from NVD.
RSS Feeds
Search
Vulnerability Watch ›
CVE-2025-64155
criticalVulnerability of Interest
Public exploit code has been released for this Fortinet FortiSIEM command injection vulnerability. Immediate patching is recommended as Fortinet devices are often targeted
CVE-2025-37164
criticalVulnerability of Interest
This HPE OneView RCE was assigned the maximum CVSS score of 10. Exploitation has been reported by CISA and a PoC has been released. Immediate patching is recommended.
CVE-2025-8110
highVulnerability of Interest
Zero-day exploitation has been observed. Refer to the vendor for further updates on patching and mitigation options
CVE-2020-12812
criticalVulnerability of Interest
This improper authentication vulnerability affecting Fortinet devices is exploitable in certain configurations. Exploitation has been observed and patching is recommended.
CVE-2025-59466
highVulnerability Being Monitored
We are monitoring a new denial of service (DoS) vulnerability that affects React Server, Next.js and many Application Performance Monitoring (APM) tools.
CVE-2025-69258
criticalVulnerability Being Monitored
Patches have been released as well as exploit code for this Trend Micro Apex Central RCE. Immediate patching is recommended.
CVE-2026-21877
criticalVulnerability Being Monitored
This RCE in n8n has received the maximum CVSS score of 10. Immediate patching is recommended.
CVE-2026-21858
criticalVulnerability Being Monitored
This RCE in n8n has received the maximum CVSS score of 10. Immediate patching is recommended.
CVE-2026-20029
mediumVulnerability Being Monitored
Public exploit code has been released. While no exploitation has been reported, immediate patching of this Cisco Identity Services Engine (ISE) flaw is recommended.
Newest ›
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.9.2. This makes it possible for unauthenticated attackers to delete arbitrary uploaded files when the "Send attachments as links" setting is enabled.
CVE-2025-14448
medium
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-23582
No Score
Rejected reason: Not used
CVE-2026-23581
No Score
Rejected reason: Not used
CVE-2026-23580
No Score
Rejected reason: Not used
CVE-2026-23579
No Score
Rejected reason: Not used
CVE-2026-23578
No Score
Rejected reason: Not used
CVE-2026-23577
No Score
Rejected reason: Not used
CVE-2026-23576
No Score
Rejected reason: Not used
CVE-2026-23575
No Score
Rejected reason: Not used
Updated ›
CVE-2026-23582
No Score
Rejected reason: Not used
CVE-2026-23581
No Score
Rejected reason: Not used
CVE-2026-23580
No Score
Rejected reason: Not used
CVE-2026-23579
No Score
Rejected reason: Not used
CVE-2026-23578
No Score
Rejected reason: Not used
CVE-2026-23577
No Score
Rejected reason: Not used
CVE-2026-23576
No Score
Rejected reason: Not used
CVE-2026-23575
No Score
Rejected reason: Not used
CVE-2026-23574
No Score
Rejected reason: Not used
CVE-2026-0892
critical
Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147 and Thunderbird < 147.