Detections
Analytics
CVEs
Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 332198 CVEs are indexed from NVD.
RSS Feeds
Search
Vulnerability Watch ›
CVE-2026-1340
criticalVulnerability of Interest
Two Ivanti Endpoint Manager Mobile zero-day flaws were exploited in the wild in limited attacks. Apply the available patches immediately.
CVE-2026-1281
criticalVulnerability of Interest
Two Ivanti Endpoint Manager Mobile zero-day flaws were exploited in the wild in limited attacks. Apply the available patches immediately.
CVE-2025-40551
criticalVulnerability of Interest
This critical vulnerability affecting SolarWinds Web Help Desk has been reportedly exploited in the wild and should be remediated as soon as possible.
CVE-2026-24858
criticalVulnerability of Interest
Fortinet has observed in the wild exploitation of this vulnerability. Customers must upgrade to the latest versions in order to use FortiCloud SSO authentication
CVE-2026-21509
highVulnerability of Interest
Microsoft released this out of band update to address a security feature bypass vulnerability that has been exploited in the wild. Immediate patching is recommended
CVE-2024-37079
criticalVulnerability of Interest
Exploitation has been reported for this VMware vCenter Server vulnerability. Patches are available and should be applied as soon as possible.
CVE-2025-40554
criticalVulnerability Being Monitored
This critical vulnerability affecting SolarWinds Web Help Desk should be remediated as soon as possible. Solar Winds products have been highly targeted in the past
CVE-2025-40553
criticalVulnerability Being Monitored
This critical vulnerability affecting SolarWinds Web Help Desk should be remediated as soon as possible. Solar Winds products have been highly targeted in the past
CVE-2025-40552
criticalVulnerability Being Monitored
This critical vulnerability affecting SolarWinds Web Help Desk should be remediated as soon as possible. Solar Winds products have been highly targeted in the past
CVE-2026-22709
criticalVulnerability Being Monitored
This critical sandbox escape vulnerability affects the Node.js library and can be abused to execute commands. Immediate patching is recommended.
Newest ›
CVE-2026-2017
critical
A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the...
CVE-2026-2016
medium
A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected...
CVE-2026-2015
medium
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulation of the argument school_id can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-2014
medium
A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
CVE-2026-24928
medium
Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-24927
medium
Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24924
medium
Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-24920
medium
Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-2013
medium
A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
CVE-2026-24931
medium
Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Updated ›
CVE-2026-25698
No Score
Rejected reason: Not used
CVE-2026-25697
No Score
Rejected reason: Not used
CVE-2026-25696
No Score
Rejected reason: Not used
CVE-2026-25695
No Score
Rejected reason: Not used
CVE-2026-25694
No Score
Rejected reason: Not used
CVE-2026-25693
No Score
Rejected reason: Not used
CVE-2026-25692
No Score
Rejected reason: Not used
CVE-2026-25068
medium
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it against the fixed-size channel array (SND_TPLG_MAX_CHAN). A crafted topology file with an excessive num_channels value can cause out-of-bounds heap writes, leading to a crash.
CVE-2026-24931
medium
Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-24930
high
UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.