Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Research

The leader in vulnerability and exposure research

Tenable Research is the source of all Tenable solutions. By providing exposure intelligence, security advisories and alerts, data science insights and zero-day research, Tenable helps organizations secure their modern attack surface.

Contact us

Research alerts

Today's landscape
CVE-2025-5777: Public PoC exploits for CitrixBleed 2 are available. Patching strongly advised as well as reviewing IOCs for potential compromise.
CVE-2025-54309: A zero-day vulnerability in CrushFTP is under active exploitation, granting remote attackers admin access. Patching is strongly advised as soon as possible.
CVE-2025-25257: Exploitation has been observed and multiple proof-of-concept exploits exist for a critical flaw in Fortinet's FortiWeb. Patching is strongly advised.
CVE-2025-47812: This vulnerability in Wing FTP Server is under active exploitation and was assigned the maximum CVSS score of 10. Immediate patching is recommended
CVE-2025-20337: While no exploitation has been observed yet, immediate patching is recommended as Cisco devices have been targeted in the past and this flaw carries a maximum CVSS score of 10
CVE-2025-47811: Public PoC code is available for this flaw and when chained with other publicly disclosed vulnerabilities also affecting Wing FTP Server, it can be abused to achieve RCE
CVE-2025-49533: Adobe classified this vulnerability as Priority 1, which it considers to be at higher risk for being targeted in the wild. Monitoring for further intel.
CVE-2025-49535: Adobe classified this vulnerability as Priority 1, which it considers to be at higher risk for being targeted in the wild. Monitoring for further intel.

Meet Tenable research

Vulnerability intelligence

Tenable Research develops detections for vulnerabilities and exposures across the modern attack surface supporting cloud, IT IoT, OT, web apps and identity assets. New detections are released within 24 hours of high profile issues.

View the content psortal See latest plugins pipeline

Audits & compliance

Tenable Research creates compliance audits against published standards and baselines (e.g. CIS Benchmarks, DISA STIGs) and across more than 25 security frameworks (e.g. HIPAA, NIST 800-53).

View the audit portal Download audit files

Security response

The Security Response Team (SRT) tracks the threat and vulnerability landscapes to provide critical analysis and inform rapid detection coverage across Tenable solutions.

See latest security advisories

Zero-Day research

The team includes "white hat" researchers that analyze popular software platforms to proactively identify vulnerabilities and exposures to better protect customers.

See latest zero-day research

Attack path research

Tenable Research monitors the threat landscape and builds new attack techniques in support of Tenable Attack Path Analysis to uncover all potential attack paths that could impact organizations.

View attack path techniques

Asset management

Tenable Research develops asset identification and configuration audit plugins to identify operating systems, devices, applications and service identifications.

Search plugins

Tenable research alliance

The Tenable Research Alliance Program is an intelligence sharing initiative among leading technology organizations to help protect customers before attackers become aware of exposures through formal vendor announcements.

Learn about the tenable research alliance program
Tenable One

Tenable Research develops detections for vulnerabilities and exposures across the modern attack surface supporting cloud, IT IoT, OT, web apps and identity assets. New detections are released within 24 hours of high profile issues.

View the content portal See latest plugins pipeline
Tenable One

Tenable Research creates compliance audits against published standards and baselines (e.g. CIS Benchmarks, DISA STIGs) and across more than 25 security frameworks (e.g. HIPAA, NIST 800-53).

View the audit portal Download audit files
Tenable One

The Security Response Team (SRT) tracks the threat and vulnerability landscapes to provide critical analysis and inform rapid detection coverage across Tenable solutions.

See latest security advisories
Tenable One

The team includes "white hat" researchers that analyze popular software platforms to proactively identify vulnerabilities and exposures to better protect customers.

See latest zero-day research
Tenable One

Tenable Research monitors the threat landscape and builds new attack techniques in support of Tenable Attack Path Analysis to uncover all potential attack paths that could impact organizations.

View attack path techniques
Tenable One

Tenable Research develops asset identification and configuration audit plugins to identify operating systems, devices, applications and service identifications.

Search plugins
Tenable One

The Tenable Research Alliance Program is an intelligence sharing initiative among leading technology organizations to help protect customers before attackers become aware of exposures through formal vendor announcements.

Learn about the tenable research alliance program

Research insights

AI apps - getting pervasive


As of Aug '24, EMEA ranked first with 22% of AI-related scans resulting in a detection while in APAC it was about 5% and the Americas stood at 18% of scans.

Small organizations can easily see 100 detections while larger ones 30,000-plus a day!

Know your AI exposure


During a 75-day period between late June and early September, Tenable found over 9 million instances of AI applications on more than 1 million hosts

Check out our Tenable VM AI detections here

Tenable One Platform Research

900 Million for Identity, 400 Million for OT, 16 Billion for WAS - data points used by Tenable researchers to cover exposures across the Tenable One Platform

Did you know?

If a vulnerability is exploited / PoC exists, then that CVE is remediated 2.2x faster than those without known exploits, on average.

Critical CVEs are remediated 33% more than the average CVE in the first week of patch availability

Scheduled patch releases help



Microsoft Patch Tuesday vulnerabilities are remediated 30% faster, on average, than other vulnerabilities, and reach about a 50% remediation rate around 20 days after Patch Tuesday each month

Explore research resources

CISA known exploited vulnerabilities (KEV) coverage

Research release highlights

Content portal

Plugins pipeline

Recent publications

Research blog

July 16, 2025

OCI, Oh My: Remote Code Execution on Oracle Cloud Shell and Code Editor Integrated Services
July 9, 2025

How Tenable Research Discovered a Critical Remote Code Execution Vulnerability on Anthropic MCP Inspector
July 9, 2025

AI Security: Web Flaws Resurface in Rush to Use MCP Servers
June 17, 2025

GerriScary: Hacking the Supply Chain of Popular Google Products (ChromiumOS, Chromium, Bazel, Dart & More)
More research blogs

Research special operations

July 18, 2025

CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild
July 15, 2025

Oracle July 2025 Critical Patch Update Addresses 165 CVEs
July 8, 2025

Microsoft’s July 2025 Patch Tuesday Addresses 128 CVEs (CVE-2025-49719)
June 27, 2025

CVE-2025-5777, CVE-2025-6543: Frequently Asked Questions About CitrixBleed 2 and Citrix NetScaler Exploitation
More research special operations

Webinars and reports

Report: Tenable Cloud Risk Report 2024

Report: Auditing Pimcore Enterprise Platform

Report: 2024 Cloud Security Outlook - Navigating Barriers and Setting Priorities

Webinar: Tenable Cloud Security Outlook 2024

Report: How Generative AI Is Changing Security Research

Tenable 2022 Threat Landscape Report

Report: Managing Risk in the Metaverse

Report: Router Vulnerability Present for a Decade - Why IoT Supply Chain Is to Blame

Tenable Research @ Medium

CVE-2024–8182 : Accidental Discovery of an Unauthenticated DoS

While reviewing some LLM related products with the team, we came across FlowiseAI.FlowiseAI is an open-source tool for building conversational AI appl…Joshua Martinelle
September 13, 2024

IoT firmware emulation and device fingerprinting challenges

Gathering information on a device could be tricky if you don’t have direct access to exposed services like SNMP, HTTP, FTP, or any other ports or pr…Gabriel Compan
August 6, 2024

Using conflicting objects in Active Directory to gain privileges

SummaryActive Directory (AD) uses a multi-master replication model to have a decentralized infrastructure. As long as one domain controller (DC) is up…Antoine Cauchois
July 31, 2024

Solidus — Code Review

Solidus — Code ReviewAs a Research Engineer at Tenable, we have several periods during the year to work on a subject of our choice, as long as …Joshua Martinelle
June 10, 2024

Stealthy Persistence with “Directory Synchronization Accounts” Role in Entra ID

SummaryThe “Directory Synchronization Accounts” Entra role is very powerful (allowing privilege escalation to the Global Administrator role) while…Clément Notin [Tenable]
June 3, 2024

WordPress : From vulnerability identification to compromising

WordPress Core is the most popular web Content Management System (CMS). This free and open-source CMS written in PHP allows developers to develop web …Joshua Martinelle
May 29, 2024

Another Path to Exploiting CVE-2024-1212 in Progress Kemp LoadMaster

IntroRhino Labs discovered a pre-authentication command injection vulnerability in the Progress Kemp LoadMaster. LoadMaster is a load balancer product…Ben Smith
April 2, 2024

Stealthy Persistence & PrivEsc in Entra ID by using the Federated Auth Secondary Token-signing Cert.

Exploiting Entra ID for Stealthier Persistence and Privilege Escalation using the Federated Authentication’s Secondary Token-signing CertificateSumm…Clément Notin [Tenable]
January 31, 2024

Learn more about Tenable

Careers

Secure your spot
@ Tenable Research

Explore

Awards

See why customers
trust Tenable

Explore

Community

Learn, share, and
contribute

Explore
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Request a demo of Tenable Security Center

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Get the Operational Technology security you need.

Reduce the risk you don’t.

Request a demo

Don’t wait for an attack--eliminate risks before they’re exploited.

  • Uncover hidden weaknesses
  • Stop threats before they strike
  • Simplify security
  • Secure hybrid environments

Request a demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
in action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management in action

Know the exposure of every asset on any platform.

Get a demo of Tenable Enclave Security

Please fill out the form with your contact information and a sales representative will contact you shortly to schedule a demo.

Try for free Buy now

Try Tenable Nessus Professional free

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
now available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select your license

Buy a multi-year license and save.

Add support and training
Buy Now
Renew an existing license Find a reseller
Try for free Buy now

Try Tenable Nessus Expert free

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select your license

Buy a multi-year license and save more.

Add support and training
Buy Now
Renew an existing license Find a reseller

Get a demo of Tenable Patch Management

Interested in streamlining security and IT collaboration and shortening the mean time to remediate with automation? Try Tenable Patch Management.