Detections
Analytics
CVEs
Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 324652 CVEs are indexed from NVD.
RSS Feeds
Search
Vulnerability Watch ›
CVE-2025-14733
criticalVulnerability of Interest
This RCE flaw affecting WatchGuard Firebox can be exploited in certain configurations. Exploitation has been observed and immediate patching is recommended.
CVE-2025-40602
mediumVulnerability of Interest
SonicWall SMA1000 appliances are affected by a privilege escalation flaw (CVE-2025-40602). When chained with CVE-2025-23006, code execution is possible. Exploitation has begun
CVE-2025-20393
criticalVulnerability of Interest
A Cisco Secure Email Gateway And Cisco Secure Email and Web Manager command injection flaw can be exploited in certain configurations, limited exploitation has been observed.
CVE-2025-8110
highVulnerability of Interest
Zero-day exploitation has been observed. Refer to the vendor for further updates on patching and mitigation options
CVE-2025-59719
criticalVulnerability of Interest
Exploitation has been observed for this authentication bypass flaw. Immediate patching is recommended and access to the management interface should be restricted.
CVE-2025-59718
criticalVulnerability of Interest
Exploitation has been observed for this authentication bypass flaw. Immediate patching is recommended and access to the management interface should be restricted.
CVE-2025-55182
criticalVulnerability of Interest
This unauthenticated remote code execution flaw in React has been exploited in the wild and multiple exploit scripts have been made public. Immediate patching is required.
CVE-2025-23006
criticalVulnerability of Interest
SonicWall SMA1000 appliances are affected by a privilege escalation flaw (CVE-2025-40602). When chained with CVE-2025-23006, code execution is possible. Exploitation has begun
CVE-2025-68613
criticalVulnerability Being Monitored
Code execution is possible in some conditions. Immediate updating of the n8n automation platform is recommended.
CVE-2025-37164
criticalVulnerability Being Monitored
This HPE OneView RCE was assigned the maximum CVSS score of 10. While no exploitation has been reported, immediate patching is recommended.
Newest ›
CVE-2025-64641
medium
Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affected posts
CVE-2025-13767
medium
Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to.
ADB(Android Debug Bridge) is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.
CVE-2025-13407
critical
The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload path.
CVE-2024-58335
medium
OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java.
CVE-2025-66445
high
Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.
CVE-2025-66444
high
Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.
CVE-2025-13773
critical
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerce_Delivery_Notes::update' function. This is due to missing capability check in the 'WooCommerce_Delivery_Notes::update' function, PHP enabled in Dompdf, and missing escape in the 'template.php' file. This makes it possible for unauthenticated attackers to execute code on the server.
CVE-2025-68695
No Score
Rejected reason: Not used
CVE-2025-68694
No Score
Rejected reason: Not used
Updated ›
CVE-2025-68695
No Score
Rejected reason: Not used
CVE-2025-68694
No Score
Rejected reason: Not used
CVE-2025-68693
No Score
Rejected reason: Not used
CVE-2025-68692
No Score
Rejected reason: Not used
CVE-2025-68691
No Score
Rejected reason: Not used
CVE-2025-68690
No Score
Rejected reason: Not used
CVE-2025-68689
No Score
Rejected reason: Not used
CVE-2025-68688
No Score
Rejected reason: Not used
CVE-2025-68687
No Score
Rejected reason: Not used
CVE-2025-66445
high
Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.