CVEs

Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 329462 CVEs are indexed from NVD.

Search

Vulnerability Watch ›

  • CVE-2025-64155
    criticalVulnerability of Interest

    Reports indicate that threat actors are actively exploiting this vulnerability. Apply the available patches as soon as possible.

  • CVE-2025-20393
    criticalVulnerability of Interest

    Exploitation has been reported and patches are now available. Immediate patching of this Cisco vulnerability is recommended.

  • CVE-2025-37164
    criticalVulnerability of Interest

    This HPE OneView RCE was assigned the maximum CVSS score of 10. Exploitation has been reported and a PoC has been released. Immediate patching is recommended.

  • CVE-2025-8110
    highVulnerability of Interest

    Zero-day exploitation has been observed. Refer to the vendor for further updates on patching and mitigation options

  • CVE-2025-59466
    mediumVulnerability Being Monitored

    We are monitoring a new denial of service (DoS) vulnerability that affects React Server, Next.js and many Application Performance Monitoring (APM) tools.

  • CVE-2026-0227
    highVulnerability Being Monitored

    Exploit code is reportedly available for this high severity denial of service vulnerability affecting PAN-OS Firewalls. Immediate patching is recommended.

  • CVE-2025-69258
    criticalVulnerability Being Monitored

    Patches have been released as well as exploit code for this Trend Micro Apex Central RCE. Immediate patching is recommended.

  • CVE-2026-21858
    criticalVulnerability Being Monitored

    This RCE in n8n has received the maximum CVSS score of 10. Immediate patching is recommended.

  • CVE-2026-20029
    mediumVulnerability Being Monitored

    Public exploit code has been released. While no exploitation has been reported, immediate patching of this Cisco Identity Services Engine (ISE) flaw is recommended.

Newest ›

  • Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified impact.This issue affects Jamf Pro: from 11.20 through 11.24.

  • Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.

  • A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.

  • Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint.

  • A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the...

  • The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.

  • telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

  • A flaw was found in the Keycloak server during refresh token processing, specifically in the...

Updated ›

  • telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.

  • Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).