CVEs

Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 320059 CVEs are indexed from NVD.

Search

Vulnerability Watch ›

  • CVE-2025-58034
    highVulnerability of Interest

    Exploitation of this Fortinet FortiWeb vulnerability has been observed. Patches have been released and should be applied as soon as possible.

  • CVE-2025-64446
    criticalVulnerability of Interest

    Exploitation of this Fortinet FortiWeb vulnerability has been observed. Patches have been released and should be applied as soon as possible.

  • CVE-2025-61757
    criticalVulnerability of Interest

    Exploitation of this Oracle Identity Manager remote code execution vulnerability has been observed. Immediate patching is recommended.

  • CVE-2025-20362
    highVulnerability of Interest

    CISA has released updated patch guidance and urges immediate patching for these Cisco vulnerabilities which have been exploited in the wild.

  • CVE-2025-20333
    criticalVulnerability of Interest

    CISA has released updated patch guidance and urges immediate patching for these Cisco vulnerabilities which have been exploited in the wild.

  • CVE-2025-41115
    criticalVulnerability Being Monitored

    This maximum severity flaw affecting Grafana could allow for privilege escalation. Immediate patching is recommended.

  • CVE-2025-60673
    mediumVulnerability Being Monitored

    While these D-Link flaws have not been exploited, they impact end of life devices. No patches will be released and affected models should be replaced with supported devices

  • CVE-2025-60672
    mediumVulnerability Being Monitored

    While these D-Link flaws have not been exploited, they impact end of life devices. No patches will be released and affected models should be replaced with supported devices

Newest ›

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient capability check on the Base::get_rest_permission() method in all versions up to, and including, 2.5.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify plugin settings, such as adding arbitrary posts to the search exclusion list.

Updated ›

  • lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' (audience) field in the access token issued by Google, which is crucial for ensuring the token is intended for the application. This oversight allows attackers to use tokens issued to malicious applications to gain unauthorized access to user accounts. The issue is resolved in version 1.9.35.

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used

  • Rejected reason: Not used