
Tenable Network Security, Inc.

#5ac1ecc2-367a-4d16-a0b2-35d495ddd0be

Short Name

tenable

Program Role

CNA

Top Level Root

MITRE Corporation

Domain

tenable.com

Country

USA

Scope

Tenable products and third-party products it researches not covered by another CNA.
558 Vulnerabilities found

CVE-2025-2284
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-5.67% / 92.05%
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:35
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Santesoft Sante PACS Server Access of Uninitialized Pointer DoS

A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".

Action-Not Available
Vendor-Santesoft LTD
Product-Sante PACS Server
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2025-2265
Assigner-Tenable Network Security, Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 3.75%
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:33
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Santesoft Sante PACS Server HTTP.db SHA1 Hash Truncation

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte.

Action-Not Available
Vendor-Santesoft LTD
Product-Sante PACS Server
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CVE-2025-2264
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-38.66% / 98.40%
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:29
Updated-03 Apr, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Santesoft Sante PACS Server Path Traversal Information Disclosure

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.

Action-Not Available
Vendor-Santesoft LTD
Product-sante_pacs_server, Sante PACS Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-2263
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.85% / 53.73%
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:25
Updated-03 Apr, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Santesoft Sante PACS Server Stack-based Buffer Overflow

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker.

Action-Not Available
Vendor-Santesoft LTD
Product-sante_pacs_server, Sante PACS Server
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-0760
Assigner-Tenable Network Security, Inc.
CVSS Score-2.7||LOW
EPSS-0.16% / 5.91%
7 Day CHG~0.00%
Published-25 Feb, 2025 | 23:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Credential Disclosure Vulnerability

A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption.

Action-Not Available
Vendor-Tenable, Inc.
Product-Tenable Identity Exposure
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-1091
Assigner-Tenable Network Security, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 14.12%
7 Day CHG~0.00%
Published-25 Feb, 2025 | 23:27
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken Authorization Schema

A Broken Authorization schema exists where any authenticated user could download IOA script and configuration files if the URL is known.

Action-Not Available
Vendor-Tenable, Inc.
Product-Tenable Identity Exposure
CWE ID-CWE-862
Missing Authorization
CVE-2024-11322
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-0.60% / 44.33%
7 Day CHG~0.00%
Published-15 Jan, 2025 | 14:03
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberPower PowerPanel Business Unauthenticated Restart DoS

A denial-of-service vulnerability exists in CyberPower PowerPanel Business (PPB) 4.11.0. An unauthenticated remote attacker can restart the ppbd.exe process via the PowerPanel Business Service Watchdog service listening on TCP port 2003. The attacker can repeatedly restart ppbd.exe to render it unavailable.

Action-Not Available
Vendor-CyberPower
Product-PowerPanel Business
CWE ID-CWE-287
Improper Authentication
CVE-2024-12174
Assigner-Tenable Network Security, Inc.
CVSS Score-2.7||LOW
EPSS-0.18% / 7.45%
7 Day CHG~0.00%
Published-09 Dec, 2024 | 21:38
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.

Action-Not Available
Vendor-Tenable, Inc.
Product-Security Center
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-12015
Assigner-Tenable Network Security, Inc.
CVSS Score-7.7||HIGH
EPSS-0.51% / 39.96%
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:23
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection in WordPress Project Manager Plugin

The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-WP Project Manager, wp_project_manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9410
Assigner-Tenable Network Security, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 24.34%
7 Day CHG~0.00%
Published-04 Oct, 2024 | 13:23
Updated-22 Nov, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ada.cx SSRF via Sentry Misconfiguration

Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint.

Action-Not Available
Vendor-Ada (Ada Support Inc.)
Product-ada, Ada.cx Sentry Component, ada.cx_sentry
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-9158
Assigner-Tenable Network Security, Inc.
CVSS Score-8.4||HIGH
EPSS-0.31% / 22.52%
7 Day CHG~0.00%
Published-30 Sep, 2024 | 16:24
Updated-07 Oct, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS

A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.

Action-Not Available
Vendor-Tenable, Inc.
Product-nessus_network_monitor, Nessus Network Monitor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-9148
Assigner-Tenable Network Security, Inc.
CVSS Score-9.6||CRITICAL
EPSS-0.58% / 43.64%
7 Day CHG+0.01%
Published-24 Sep, 2024 | 13:13
Updated-26 Sep, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowise Stored Cross-Site Scripting

Flowise < 2.1.1 suffers from a Stored Cross-Site Scripting vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.

Action-Not Available
Vendor-FlowiseAI, flowiseai
Product-FlowiseChatEmbedflowise
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-8752
Assigner-Tenable Network Security, Inc.
CVSS Score-9.3||CRITICAL
EPSS-11.76% / 95.56%
7 Day CHG~0.00%
Published-16 Sep, 2024 | 15:42
Updated-20 Sep, 2024 | 22:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WebIQ 2.15.9 Runtime on Windows - Directory Traversal Vulnerability

The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system.

Action-Not Available
Vendor-smart-hmi, Smart HMI, beijerelectronics, Microsoft Corporation
Product-webiq, windows, WebIQ, webiq
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-8260
Assigner-Tenable Network Security, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 23.94%
7 Day CHG~0.00%
Published-30 Aug, 2024 | 12:22
Updated-19 Sep, 2024 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OPA SMB Force-Authentication

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions.

Action-Not Available
Vendor-openpolicyagent, Styra, Microsoft Corporation
Product-windows, open_policy_agent, OPA
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2024-8181
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-46.11% / 98.66%
7 Day CHG~0.00%
Published-27 Aug, 2024 | 13:10
Updated-06 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowise Authentication Bypass

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.

Action-Not Available
Vendor-flowiseai, FlowiseAI, flowiseai
Product-flowise, Flowise, flowise
CWE ID-CWE-287
Improper Authentication
CVE-2024-8182
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-13.90% / 96.08%
7 Day CHG~0.00%
Published-27 Aug, 2024 | 13:09
Updated-30 Aug, 2024 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowise Denial of Service

An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user-supplied input to the “/api/v1/get-upload-file” API endpoint.

Action-Not Available
Vendor-flowiseai, FlowiseAI, flowiseai
Product-flowise, Flowise, flowise
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-7790
Assigner-Tenable Network Security, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 23.67%
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:49
Updated-25 Mar, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DevikaAI Stored Cross-Site Scripting

A stored cross-site scripting vulnerability exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input.

Action-Not Available
Vendor-stitionai, Devikia, stitionai
Product-devika, DevikaAI, devika
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-7297
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-21.35% / 97.30%
7 Day CHG~0.00%
Published-30 Jul, 2024 | 16:13
Updated-27 Mar, 2026 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Langflow Privilege Escalation

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint.

Action-Not Available
Vendor-
Product-
CWE ID-CWE-913
Improper Control of Dynamically-Managed Code Resources
CVE-2024-3232
Assigner-Tenable Network Security, Inc.
CVSS Score-7.6||HIGH
EPSS-0.47% / 37.24%
7 Day CHG~0.00%
Published-16 Jul, 2024 | 17:02
Updated-22 Oct, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Formula Injection Vulnerability

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232

Action-Not Available
Vendor-Tenable, Inc.
Product-identity_exposure, Tenable Identity Exposure, identity_exposure
CWE ID-CWE-1236
Improper Neutralization of Formula Elements in a CSV File
CVE-2024-5759
Assigner-Tenable Network Security, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 22.22%
7 Day CHG~0.00%
Published-12 Jun, 2024 | 16:00
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper privilege management

An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges.

Action-Not Available
Vendor-Tenable, Inc.
Product-security_center, Security Center, security_center
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-1891
Assigner-Tenable Network Security, Inc.
CVSS Score-3.5||LOW
EPSS-0.30% / 21.92%
7 Day CHG~0.00%
Published-12 Jun, 2024 | 15:56
Updated-23 Aug, 2024 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Cross Site Scripting

A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page.

Action-Not Available
Vendor-Tenable, Inc.
Product-security_center, Security Center, security_center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4323
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-28.31% / 97.88%
7 Day CHG~0.00%
Published-20 May, 2024 | 12:06
Updated-05 May, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fluent Bit Memory Corruption Vulnerability

A memory corruption vulnerability exists in Fluent Bit versions 2.0.7 through 3.0.3. This issue lies in the embedded HTTP server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

Action-Not Available
Vendor-treasuredata, Fluent Bit, treasuredata
Product-fluent_bit, Fluent Bit, fluent_bit
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-3292
Assigner-Tenable Network Security, Inc.
CVSS Score-8.2||HIGH
EPSS-0.17% / 6.58%
7 Day CHG~0.00%
Published-17 May, 2024 | 17:17
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Race Condition

A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. - CVE-2024-3292

Action-Not Available
Vendor-Tenable, Inc.
Product-Nessus Agent, nessus_agent
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-3291
Assigner-Tenable Network Security, Inc.
CVSS Score-7.8||HIGH
EPSS-0.18% / 7.13%
7 Day CHG~0.00%
Published-17 May, 2024 | 16:59
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation

When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.

Action-Not Available
Vendor-Tenable, Inc.
Product-Nessus Agent, nessus_agent
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-3290
Assigner-Tenable Network Security, Inc.
CVSS Score-8.2||HIGH
EPSS-0.18% / 8.20%
7 Day CHG~0.00%
Published-17 May, 2024 | 16:54
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Race Condition

A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host.

Action-Not Available
Vendor-Tenable, Inc.
Product-Nessus, nessus
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-3289
Assigner-Tenable Network Security, Inc.
CVSS Score-7.8||HIGH
EPSS-0.18% / 8.32%
7 Day CHG~0.00%
Published-17 May, 2024 | 16:50
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.

Action-Not Available
Vendor-Tenable, Inc.
Product-Nessus, nessus
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-4860
Assigner-Tenable Network Security, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.38% / 30.12%
7 Day CHG~0.00%
Published-14 May, 2024 | 09:11
Updated-25 Mar, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the 'notice_id' GET parameter.

Action-Not Available
Vendor-rebelcode
Product-rss_aggregator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4859
Assigner-Tenable Network Security, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.40% / 32.12%
7 Day CHG~0.00%
Published-14 May, 2024 | 09:05
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Solidus <= 4.3.4 is affected by a Stored Cross-Site Scripting vulnerability in the order tracking URL.

Action-Not Available
Vendor-solidus
Product-solidus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32739
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-5.41% / 91.72%
7 Day CHG~0.00%
Published-09 May, 2024 | 14:58
Updated-23 Oct, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberPower PowerPanel Enterprise SQL Injection

A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_verbose" function within MCUDBHelper.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-powerpanel, CyberPower PowerPanel Enterprise, powerpanel_enterprise
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32738
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-4.52% / 90.37%
7 Day CHG~0.00%
Published-09 May, 2024 | 14:58
Updated-23 Oct, 2025 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberPower PowerPanel Enterprise SQL Injection

A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within MCUDBHelper.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-powerpanel, CyberPower PowerPanel Enterprise, powerpanel_enterprise
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32737
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-5.41% / 91.72%
7 Day CHG~0.00%
Published-09 May, 2024 | 14:57
Updated-23 Oct, 2025 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberPower PowerPanel Enterprise SQL Injection

A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-powerpanel, CyberPower PowerPanel Enterprise, powerpanel_enterprise
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32736
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-5.41% / 91.72%
7 Day CHG~0.00%
Published-09 May, 2024 | 14:57
Updated-23 Oct, 2025 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberPower PowerPanel Enterprise SQL Injection

A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_utask_verbose" function within MCUDBHelper.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-powerpanel, CyberPower PowerPanel Enterprise, powerpanel_enterprise
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32735
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.77% / 93.19%
7 Day CHG~0.00%
Published-09 May, 2024 | 14:54
Updated-23 Oct, 2025 | 12:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberPower PowerPanel Enterprise Missing Authentication

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-powerpanel, CyberPower PowerPanel Enterprise, powerpanel_enterprise
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-4549
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-1.11% / 61.92%
7 Day CHG~0.00%
Published-06 May, 2024 | 13:54
Updated-17 Jun, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DIAEnergie SQL Injection

A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-diaenergie, DIAEnergie, diaenergie
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-4548
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-29.43% / 97.95%
7 Day CHG~0.00%
Published-06 May, 2024 | 13:51
Updated-27 Jun, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DIAEnergie SQL Injection

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-diaenergie, DIAEnergie, diaenergie
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4547
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.90% / 77.11%
7 Day CHG~0.00%
Published-06 May, 2024 | 13:48
Updated-27 Jun, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DIAEnergie Unauthenticated SQL Injection

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-diaenergie, DIAEnergie, diaenergie
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-31851
Assigner-Tenable Network Security, Inc.
CVSS Score-8.6||HIGH
EPSS-2.91% / 85.30%
7 Day CHG~0.00%
Published-05 Apr, 2024 | 17:43
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.

Action-Not Available
Vendor-CData Software, Inc.
Product-Sync, sync
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-31850
Assigner-Tenable Network Security, Inc.
CVSS Score-8.6||HIGH
EPSS-3.04% / 85.90%
7 Day CHG~0.00%
Published-05 Apr, 2024 | 17:42
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.

Action-Not Available
Vendor-CData Software, Inc.
Product-Arc, arc
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-31849
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.08% / 92.53%
7 Day CHG~0.00%
Published-05 Apr, 2024 | 17:40
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.

Action-Not Available
Vendor-CData Software, Inc.
Product-Connect, connect
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-31848
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-8.15% / 94.16%
7 Day CHG~0.00%
Published-05 Apr, 2024 | 17:39
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.

Action-Not Available
Vendor-CData Software, Inc.
Product-API Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-2390
Assigner-Tenable Network Security, Inc.
CVSS Score-7.8||HIGH
EPSS-0.19% / 9.44%
7 Day CHG~0.00%
Published-18 Mar, 2024 | 15:37
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation

As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

Action-Not Available
Vendor-Tenable, Inc.
Product-Nessus Agent, Nessus
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-0801
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-41.84% / 98.52%
7 Day CHG~0.00%
Published-13 Mar, 2024 | 19:04
Updated-14 Oct, 2025 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated DoS in Arcserve Unified Data Protection

A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.

Action-Not Available
Vendor-Arcserve, LLC
Product-Unified Data Protection
CWE ID-CWE-75
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CVE-2024-0800
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-1.03% / 59.67%
7 Day CHG~0.00%
Published-13 Mar, 2024 | 19:03
Updated-16 Dec, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass via wizardLogin in Arcserve Unified Data Protection

A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet.

Action-Not Available
Vendor-Arcserve, LLC
Product-Unified Data Protection
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0799
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.34% / 90.03%
7 Day CHG~0.00%
Published-13 Mar, 2024 | 18:57
Updated-16 Dec, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass via wizardLogin in Arcserve Unified Data Protection

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.

Action-Not Available
Vendor-Arcserve, LLC
Product-Unified Data Protection
CWE ID-CWE-287
Improper Authentication
CVE-2024-1899
Assigner-Tenable Network Security, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.80% / 52.11%
7 Day CHG~0.00%
Published-26 Feb, 2024 | 18:45
Updated-18 Sep, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Showdownjs Denial of Service

An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions.

Action-Not Available
Vendor-Showdownjs
Product-Showdown
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-1683
Assigner-Tenable Network Security, Inc.
CVSS Score-7.3||HIGH
EPSS-0.31% / 22.79%
7 Day CHG~0.00%
Published-23 Feb, 2024 | 00:02
Updated-17 Dec, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Injection in Tenable Identity Exposure Secure Relay

A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.

Action-Not Available
Vendor-Tenable, Inc.
Product-Tenable Identity Exposure Secure Relay
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-1471
Assigner-Tenable Network Security, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.41% / 32.51%
7 Day CHG~0.00%
Published-14 Feb, 2024 | 21:39
Updated-19 Nov, 2024 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML Injection Vulnerability

An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.

Action-Not Available
Vendor-Tenable, Inc.
Product-Security Center
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1367
Assigner-Tenable Network Security, Inc.
CVSS Score-7.2||HIGH
EPSS-1.56% / 72.20%
7 Day CHG~0.00%
Published-14 Feb, 2024 | 21:35
Updated-02 May, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection Vulnerability in Tenable Security Center

A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.

Action-Not Available
Vendor-Tenable, Inc.
Product-Security Center
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-0971
Assigner-Tenable Network Security, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.78% / 51.42%
7 Day CHG~0.00%
Published-06 Feb, 2024 | 23:38
Updated-01 Aug, 2024 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.

Action-Not Available
Vendor-Tenable, Inc.
Product-Nessus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-0955
Assigner-Tenable Network Security, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.56% / 42.58%
7 Day CHG~0.00%
Published-06 Feb, 2024 | 23:34
Updated-01 Aug, 2024 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS vulnerability

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.

Action-Not Available
Vendor-Tenable, Inc.
Product-Nessus
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')