Detections
Analytics

CVEs

Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 324498 CVEs are indexed from NVD.

RSS Feeds

Search

Vulnerability Watch ›

  • CVE-2025-14733
    criticalVulnerability of Interest

    This RCE flaw affecting WatchGuard Firebox can be exploited in certain configurations. Exploitation has been observed and immediate patching is recommended.

  • CVE-2025-40602
    mediumVulnerability of Interest

    SonicWall SMA1000 appliances are affected by a privilege escalation flaw (CVE-2025-40602). When chained with CVE-2025-23006, code execution is possible. Exploitation has begun

  • CVE-2025-20393
    criticalVulnerability of Interest

    A Cisco Secure Email Gateway And Cisco Secure Email and Web Manager command injection flaw can be exploited in certain configurations, limited exploitation has been observed.

  • CVE-2025-14611
    highVulnerability of Interest

    CVE assigned for a zero-day in Gladinet CentreStack/Triofox that was exploited in the wild and chained together with CVE-2025-11371.

  • CVE-2025-8110
    highVulnerability of Interest

    Zero-day exploitation has been observed. Refer to the vendor for further updates on patching and mitigation options

  • CVE-2025-59719
    criticalVulnerability of Interest

    Exploitation has been observed for this authentication bypass flaw. Immediate patching is recommended and access to the management interface should be restricted.

  • CVE-2025-59718
    criticalVulnerability of Interest

    Exploitation has been observed for this authentication bypass flaw. Immediate patching is recommended and access to the management interface should be restricted.

  • CVE-2025-55182
    criticalVulnerability of Interest

    This unauthenticated remote code execution flaw in React has been exploited in the wild and multiple exploit scripts have been made public. Immediate patching is required.

  • CVE-2025-23006
    criticalVulnerability of Interest

    SonicWall SMA1000 appliances are affected by a privilege escalation flaw (CVE-2025-40602). When chained with CVE-2025-23006, code execution is possible. Exploitation has begun

  • CVE-2025-37164
    criticalVulnerability Being Monitored

    This HPE OneView RCE was assigned the maximum CVSS score of 10. While no exploitation has been reported, immediate patching is recommended.

Newest ›

  • CVE-2025-13183
    high

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hotech Software Inc. Otello allows Stored XSS.This issue affects Otello: from 2.4.0 before 2.4.4.

  • CVE-2025-68561
    high

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP allows SQL Injection.This issue affects AutomatorWP: from n/a through 5.2.4.

  • CVE-2025-68560
    high

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor).This issue affects TheGem Theme Elements (for Elementor): from n/a through 5.10.5.1.

  • CVE-2025-68559
    medium

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor).This issue affects TheGem Theme Elements (for Elementor): from n/a through 5.10.5.1.

  • CVE-2025-68557
    medium

    Missing Authorization vulnerability in Vikas Ratudi Chakra test allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chakra test: from n/a through 1.0.1.

  • CVE-2025-68556
    medium

    Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through 1.0.9.

  • CVE-2025-68551
    medium

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vikas Ratudi VPSUForm allows Retrieve Embedded Sensitive Data.This issue affects VPSUForm: from n/a through 3.2.24.

  • CVE-2025-68550
    high

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme WPBulky allows Blind SQL Injection.This issue affects WPBulky: from n/a through 1.1.13.

  • CVE-2025-68548
    medium

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Responsive Posts Carousel Pro allows Stored XSS.This issue affects Responsive Posts Carousel Pro: from n/a through 15.2.

  • CVE-2025-68546
    high

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Thembay Nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through 1.2.14.

Updated ›

  • CVE-2025-68655
    No Score

    Rejected reason: Not used

  • CVE-2025-68654
    No Score

    Rejected reason: Not used

  • CVE-2025-68653
    No Score

    Rejected reason: Not used

  • CVE-2025-68652
    No Score

    Rejected reason: Not used

  • CVE-2025-68651
    No Score

    Rejected reason: Not used

  • CVE-2025-68650
    No Score

    Rejected reason: Not used

  • CVE-2025-68615
    critical

    net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.

  • CVE-2025-68614
    medium

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code. This issue has been patched in version 25.12.0.

  • CVE-2025-68561
    high

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP allows SQL Injection.This issue affects AutomatorWP: from n/a through 5.2.4.

  • CVE-2025-68560
    high

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor).This issue affects TheGem Theme Elements (for Elementor): from n/a through 5.10.5.1.