CVEs

Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and the products they affect. Tenable augments the data with the related Tenable plugins that detect each vulnerability. 325,227 CVEs are indexed from NVD.


Vulnerability Watch ›

  • CVE-2025-14733
    Critical | Vulnerability of Interest

    This RCE flaw affecting WatchGuard Firebox can be exploited in certain configurations. Exploitation has been observed and immediate patching is recommended.

  • CVE-2025-40602
    Medium | Vulnerability of Interest

    SonicWall SMA1000 appliances are affected by a privilege escalation flaw (CVE-2025-40602). When chained with CVE-2025-23006, code execution is possible. Exploitation has begun.

  • CVE-2025-20393
    Critical | Vulnerability of Interest

    A command injection flaw in Cisco Secure Email Gateway and Cisco Secure Email and Web Manager can be exploited in certain configurations; limited exploitation has been observed.

  • CVE-2025-59719
    Critical | Vulnerability of Interest

    Exploitation has been observed for this authentication bypass flaw. Immediate patching is recommended and access to the management interface should be restricted.

  • CVE-2025-59718
    Critical | Vulnerability of Interest

    Exploitation has been observed for this authentication bypass flaw. Immediate patching is recommended and access to the management interface should be restricted.

  • CVE-2025-23006
    Critical | Vulnerability of Interest

    SonicWall SMA1000 appliances are affected by a privilege escalation flaw (CVE-2025-40602). When chained with CVE-2025-23006, code execution is possible. Exploitation has begun.

  • CVE-2020-12812
    Critical | Vulnerability of Interest

    This improper authentication vulnerability affecting Fortinet devices is exploitable in certain configurations. Exploitation has been observed and patching is recommended.

  • CVE-2025-68613
    Critical | Vulnerability Being Monitored

    Code execution is possible in some conditions. Immediate updating of the n8n automation platform is recommended.

  • CVE-2025-14847
    High | Vulnerability Being Monitored

    This critical severity RCE affecting MongoDB should be patched as soon as possible. Currently no known exploitation has been reported.

  • CVE-2025-37164
    Critical | Vulnerability Being Monitored

    This HPE OneView RCE was assigned the maximum CVSS score of 10. While no exploitation has been reported, immediate patching is recommended.

Newest ›

  • Self-hosted n8n has Legacy Code node that enables arbitrary file read/write

  • n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

  • lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

  • n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox

  • Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote attacker with normal user privileges can read arbitrary files via a crafted request to the result read function of the diagnostic component.

  • Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbookadvanced/search in the qsoresults parameter.

  • A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.

  • Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/admin_access_1.

  • Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint.

  • The web management interface in ETL Systems Ltd DEXTRA Series' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints.

Updated ›

  • Nozomi Networks Labs, a security research team focused on Industrial Control Systems (ICS) and OT/IoT security, discovered that validation of incoming XML-format request messages is inadequate. This vulnerability could allow an attacker to execute cross-site scripting (XSS) in the user's browser. The manufacturer has released patched firmware for the flaw; refer to the manufacturer's report for details and workarounds.

  • In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.

  • In Gitea before 1.21.2, an anonymous user can visit a private user's project.

  • Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.

  • Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.

  • Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.

  • Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.

  • In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.

  • Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.

  • Gitea before 1.25.2 mishandles authorization for deletion of releases.