Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Research

The Leader in Vulnerability and Exposure Research

Tenable Research is the source of all Tenable solutions. By providing exposure intelligence, security advisories and alerts, data science insights and zero-day research, Tenable helps organizations secure their modern attack surface.

Contact Us

Research Alerts

Today's Landscape
  • CVE-2025-2825: Public exploit code has been released and in the wild exploitation has been observed for unpatched instances of CrushFTP
  • CVE-2025-29927: Technical details are available for a critical Next.js authorization bypass flaw. Researchers are creating proof of concept exploits. Patching is strongly advised.
  • CVE-2025-23120: Researchers detail Veeam Backup & Replication flaws and note PoC for CVE-2024-40711 can be modified to exploit this flaw. Apply available patches immediately.
  • CVE-2025-31160: A CVE has been assigned for a denial of service flaw in atop that has been connected to a blog post warning from a reputable sysadmin. We are monitoring for more intel.
  • CVE-2025-24514: We are monitoring a series of vulnerabilities in the Ingress NGINX Controller for Kubernetes, dubbed IngressNightmare. Organizations are advised to apply available patches.

Meet Tenable Research

Vulnerability Intelligence

Tenable Research develops detections for vulnerabilities and exposures across the modern attack surface supporting cloud, IT IoT, OT, web apps and identity assets. New detections are released within 24 hours of high profile issues.

View the Content Portal See Latest Plugins Pipeline
Audits & Compliance

Tenable Research creates compliance audits against published standards and baselines (e.g. CIS Benchmarks, DISA STIGs) and across more than 25 security frameworks (e.g. HIPAA, NIST 800-53).

View the Audit Portal Download Audit Files
Security Response

The Security Response Team (SRT) tracks the threat and vulnerability landscapes to provide critical analysis and inform rapid detection coverage across Tenable solutions.

See Latest Security Advisories
Zero-Day Research

The team includes "white hat" researchers that analyze popular software platforms to proactively identify vulnerabilities and exposures to better protect customers.

See Latest Zero-Day Research
Attack Path Research

Tenable Research monitors the threat landscape and builds new attack techniques in support of Tenable Attack Path Analysis to uncover all potential attack paths that could impact organizations.

View Attack Path Techniques
Asset Management

Tenable Research develops asset identification and configuration audit plugins to identify operating systems, devices, applications and service identifications.

Search Plugins
Tenable Research Alliance

The Tenable Research Alliance Program is an intelligence sharing initiative among leading technology organizations to help protect customers before attackers become aware of exposures through formal vendor announcements.

Learn About the Tenable Research Alliance Program

Research Insights

  • AI apps - getting pervasive


    As of Aug '24, EMEA ranked first with 22% of AI-related scans resulting in a detection while in APAC it was about 5% and the Americas stood at 18% of scans.

    Small organizations can easily see 100 detections while larger ones 30,000-plus a day!

  • Know your AI exposure


    During a 75-day period between late June and early September, Tenable found over 9 million instances of AI applications on more than 1 million hosts

    Check out our Tenable VM AI detections here

  • Tenable One Platform Research

    900 Million for Identity, 400 Million for OT, 16 Billion for WAS - data points used by Tenable researchers to cover exposures across the Tenable One Platform

  • Did you know?

    If a vulnerability is exploited / PoC exists, then that CVE is remediated 2.2x faster than those without known exploits, on average.

    Critical CVEs are remediated 33% more than the average CVE in the first week of patch availability

  • Scheduled patch releases help



    Microsoft Patch Tuesday vulnerabilities are remediated 30% faster, on average, than other vulnerabilities, and reach about a 50% remediation rate around 20 days after Patch Tuesday each month

Explore Research Resources

CISA Known Exploited Vulnerabilities (KEV) Coverage

Research Release
Highlights

Content
Portal

Plugins
Pipeline

Recent Publications

Research Blog

April 1, 2025 ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run
March 26, 2025 Who's Afraid of AI Risk in Cloud Environments?
February 19, 2025 How To Reduce DNS Infrastructure Risk To Secure Your Cloud Attack Surface
December 11, 2024 New CISA Hardening Guidance Provides Valuable Insights for Network Security Engineers
More Research Blogs

Cyber Exposure Alerts

March 24, 2025 CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
March 13, 2025 DeepSeek Deep Dive Part 1: Creating Malware, Including Keyloggers and Ransomware
March 11, 2025 Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993)
March 4, 2025 CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited
More Cyber Exposure Alerts

Webinars and Reports

Report: Tenable Cloud Risk Report 2024
Report: Auditing Pimcore Enterprise Platform
Report: 2024 Cloud Security Outlook - Navigating Barriers and Setting Priorities
Webinar: Tenable Cloud Security Outlook 2024
Report: How Generative AI Is Changing Security Research
Tenable 2022 Threat Landscape Report
Report: Managing Risk in the Metaverse
Report: Router Vulnerability Present for a Decade - Why IoT Supply Chain Is to Blame

Tenable Research @ Medium

CVE-2024–8182 : Accidental Discovery of an Unauthenticated DoS
While reviewing some LLM related products with the team, we came across FlowiseAI.FlowiseAI is an open-source tool for building conversational AI appl…Joshua Martinelle
September 13, 2024
IoT firmware emulation and device fingerprinting challenges
Gathering information on a device could be tricky if you don’t have direct access to exposed services like SNMP, HTTP, FTP, or any other ports or pr…Gabriel Compan
August 6, 2024
Using conflicting objects in Active Directory to gain privileges
SummaryActive Directory (AD) uses a multi-master replication model to have a decentralized infrastructure. As long as one domain controller (DC) is up…Antoine Cauchois
July 31, 2024
Solidus — Code Review
Solidus — Code ReviewAs a Research Engineer at Tenable, we have several periods during the year to work on a subject of our choice, as long as …Joshua Martinelle
June 10, 2024
Stealthy Persistence with “Directory Synchronization Accounts” Role in Entra ID
SummaryThe “Directory Synchronization Accounts” Entra role is very powerful (allowing privilege escalation to the Global Administrator role) while…Clément Notin [Tenable]
June 3, 2024
WordPress : From vulnerability identification to compromising
WordPress Core is the most popular web Content Management System (CMS). This free and open-source CMS written in PHP allows developers to develop web …Joshua Martinelle
May 29, 2024
Another Path to Exploiting CVE-2024-1212 in Progress Kemp LoadMaster
IntroRhino Labs discovered a pre-authentication command injection vulnerability in the Progress Kemp LoadMaster. LoadMaster is a load balancer product…Ben Smith
April 2, 2024
Stealthy Persistence & PrivEsc in Entra ID by using the Federated Auth Secondary Token-signing Cert.
Exploiting Entra ID for Stealthier Persistence and Privilege Escalation using the Federated Authentication’s Secondary Token-signing CertificateSumm…Clément Notin [Tenable]
January 31, 2024

Learn More About Tenable

Careers

Secure your spot @ Tenable Research

Explore

Awards

See why customers trust Tenable

Explore

Community

Learn, share, and contribute

Explore
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Request a demo of Tenable Security Center

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Get the Operational Technology security you need.

Reduce the risk you don’t.

Request a demo

Don’t wait for an attack--eliminate risks before they’re exploited.

  • Uncover hidden weaknesses
  • Stop threats before they strike
  • Simplify security
  • Secure hybrid environments

Request a demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
in action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management in action

Know the exposure of every asset on any platform.

Get a demo of Tenable Enclave Security

Please fill out the form with your contact information and a sales representative will contact you shortly to schedule a demo.

Try for free Buy now

Try Tenable Nessus Professional free

Free for 7 days

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
now available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select your license

Buy a multi-year license and save.

Add support and training
Buy Now
Renew an existing license Find a reseller
Try for free Buy now

Try Tenable Nessus Expert free

Free for 7 days.

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select your license

Buy a multi-year license and save more.

Add support and training
Buy Now
Renew an existing license Find a reseller

Get a demo of Tenable Patch Management

Interested in streamlining security and IT collaboration and shortening the mean time to remediate with automation? Try Tenable Patch Management.