[go: up one dir, main page]
Detections
Analytics

CVEs

Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 328008 CVEs are indexed from NVD.

RSS Feeds

Search

Vulnerability Watch ›

  • CVE-2025-37164
    criticalVulnerability of Interest

    This HPE OneView RCE was assigned the maximum CVSS score of 10. Exploitation has been reported by CISA and a PoC has been released. Immediate patching is recommended.

  • CVE-2020-12812
    criticalVulnerability of Interest

    This improper authentication vulnerability affecting Fortinet devices is exploitable in certain configurations. Exploitation has been observed and patching is recommended.

  • CVE-2025-69258
    criticalVulnerability Being Monitored

    Patches have been released as well as exploit code for this Trend Micro Apex Central RCE. Immediate patching is recommended.

  • CVE-2026-21877
    criticalVulnerability Being Monitored

    This RCE in n8n has received the maximum CVSS score of 10. Immediate patching is recommended.

  • CVE-2026-21858
    criticalVulnerability Being Monitored

    This RCE in n8n has received the maximum CVSS score of 10. Immediate patching is recommended.

  • CVE-2026-20029
    mediumVulnerability Being Monitored

    Public exploit code has been released. While no exploitation has been reported, immediate patching of this Cisco Identity Services Engine (ISE) flaw is recommended.

  • CVE-2025-52691
    criticalVulnerability Being Monitored

    While no evidence of exploitation has been observed, this RCE in SmarterMail should be patched as soon as possible. It was assigned the maximum CVSS score of 10

  • CVE-2025-13915
    criticalVulnerability Being Monitored

    This critical authentication bypass vulnerability affecting IBM API Connect should be patched as soon as possible.

Newest ›

  • CVE-2025-14829
    critical

    The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.

  • CVE-2025-10915
    critical

    The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check.

  • CVE-2026-22837
    No Score

    Rejected reason: Not used

  • CVE-2026-22836
    No Score

    Rejected reason: Not used

  • CVE-2026-22835
    No Score

    Rejected reason: Not used

  • CVE-2026-22834
    No Score

    Rejected reason: Not used

  • CVE-2026-22833
    No Score

    Rejected reason: Not used

  • CVE-2026-22832
    No Score

    Rejected reason: Not used

  • CVE-2026-22831
    No Score

    Rejected reason: Not used

  • CVE-2026-22830
    No Score

    Rejected reason: Not used

Updated ›

  • CVE-2026-22837
    No Score

    Rejected reason: Not used

  • CVE-2026-22836
    No Score

    Rejected reason: Not used

  • CVE-2026-22835
    No Score

    Rejected reason: Not used

  • CVE-2026-22834
    No Score

    Rejected reason: Not used

  • CVE-2026-22833
    No Score

    Rejected reason: Not used

  • CVE-2026-22832
    No Score

    Rejected reason: Not used

  • CVE-2026-22831
    No Score

    Rejected reason: Not used

  • CVE-2026-22830
    No Score

    Rejected reason: Not used

  • CVE-2026-22829
    No Score

    Rejected reason: Not used

  • CVE-2026-0719
    high

    A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.