Detections
Analytics

CVEs

Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 330602 CVEs are indexed from NVD.

RSS Feeds

Search

Vulnerability Watch ›

  • CVE-2026-24858
    No ScoreVulnerability of Interest

    Fortinet has observed in the wild exploitation of this vulnerability. Customers must upgrade to the latest versions in order to use FortiCloud SSO authentication

  • CVE-2026-21509
    highVulnerability of Interest

    Microsoft released this out of band update to address a security feature bypass vulnerability that has been exploited in the wild. Immediate patching is recommended

  • CVE-2026-20045
    highVulnerability of Interest

    Cisco reports that attempted exploitation has been observed and this RCE has been rated as critical. Immediate patching is recommended

  • CVE-2025-64155
    criticalVulnerability of Interest

    Reports indicate that threat actors are actively exploiting this vulnerability. Apply the available patches as soon as possible.

  • CVE-2025-20393
    criticalVulnerability of Interest

    Exploitation has been reported and patches are now available. Immediate patching of this Cisco vulnerability is recommended.

  • CVE-2025-37164
    criticalVulnerability of Interest

    This HPE OneView RCE was assigned the maximum CVSS score of 10. Exploitation has been reported and a PoC has been released. Immediate patching is recommended.

  • CVE-2025-59719
    criticalVulnerability of Interest

    Exploitation has been observed for this authentication bypass flaw. Immediate patching is recommended and access to the management interface should be restricted.

  • CVE-2025-59718
    criticalVulnerability of Interest

    Exploitation has been observed for this authentication bypass flaw. Immediate patching is recommended and access to the management interface should be restricted.

  • CVE-2024-37079
    criticalVulnerability of Interest

    Exploitation has been reported for this VMware vCenter Server vulnerability. Patches are available and should be applied as soon as possible.

  • CVE-2026-22709
    criticalVulnerability Being Monitored

    This critical sandbox escape vulnerability affects the Node.js library and can be abused to execute commands. Immediate patching is recommended.

Newest ›

  • CVE-2026-24858
    No Score

    An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS, FortiManager, FortiAnalyzer may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

  • CVE-2026-24345
    medium

    Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to...

  • CVE-2025-41728
    medium

    A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response.

  • CVE-2025-41727
    high

    A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.

  • CVE-2025-41726
    high

    A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.

  • CVE-2025-12387
    medium

    A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service (DoS) by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js file, which causes administrator panel to not work, resulting in DoS until the language settings is reverted to a correct value. The Denial of Service affects only the administrator panel and does not affect other router functionalities. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version V108_108 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

  • CVE-2025-12386
    medium

    Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version V108_108 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

  • CVE-2026-24830
    critical

    Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2.

  • CVE-2026-24829
    medium

    Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.

  • CVE-2026-24828
    high

    Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.

Updated ›

  • CVE-2026-24830
    critical

    Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2.

  • CVE-2026-24829
    medium

    Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.

  • CVE-2026-24828
    high

    Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.

  • CVE-2026-24827
    high

    Out-of-bounds Write vulnerability in gerstrong Commander-Genius.This issue affects Commander-Genius: before Release refs/pull/358/merge.

  • CVE-2026-24826
    critical

    Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects .

  • CVE-2026-24824
    medium

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in yacy yacy_search_server (source/net/yacy/http/servlets modules). This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacy_search_server.

  • CVE-2026-24823
    critical

    Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules). This vulnerability is associated with program files inflate.C. This issue affects X-TRACK: through v2.7.

  • CVE-2026-24822
    critical

    Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is associated with program files mongoose.C. This issue affects wxhelper: through 3.9.10.19-v1.

  • CVE-2026-24821
    critical

    Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files lparser.C. This issue affects WickedEngine: through 0.71.727.

  • CVE-2026-24820
    medium

    Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files ldebug.C. This issue affects WickedEngine: before 0.71.705.