Vendor CVEs
Tanium
All CVEs
47 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-9208 |  | High | 0.57 | 8.8 | 0.00 |  | May 27, 2026 | Tanium addressed an unauthorized code execution vulnerability in Connect. |
| CVE-2025-4371 |  | Med | 0.44 | 6.8 | 0.00 |  | Aug 18, 2025 | A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection. |
| CVE-2026-9156 |  | Med | 0.42 | 6.5 | 0.00 |  | May 27, 2026 | Tanium addressed a denial of service vulnerability in Tanium Server. |
| CVE-2025-60934 |  | Med | 0.40 | 6.1 | 0.00 |  | Oct 21, 2025 | Multiple stored cross-site scripting (XSS) vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description… |
| CVE-2025-60933 |  | Med | 0.40 | 6.1 | 0.00 |  | Oct 21, 2025 | Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name,… |
| CVE-2025-60932 |  | Med | 0.40 | 6.1 | 0.00 |  | Oct 21, 2025 | Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step… |
| CVE-2026-6416 |  | Low | 0.18 | 2.7 | 0.00 |  | Apr 22, 2026 | Tanium addressed an uncontrolled resource consumption vulnerability in Interact. |
| CVE-2026-6408 |  | Low | 0.18 | 2.7 | 0.00 |  | Apr 22, 2026 | Tanium addressed an information disclosure vulnerability in Tanium Server. |
| CVE-2026-6392 |  | Low | 0.18 | 2.7 | 0.00 |  | Apr 22, 2026 | Tanium addressed an information disclosure vulnerability in Threat Response. |
| CVE-2026-2350 |  |  | 0.00 | — | 0.00 |  | Feb 19, 2026 | Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS. |
| CVE-2026-1292 |  |  | 0.00 | — | 0.00 |  | Feb 19, 2026 | Tanium addressed an insertion of sensitive information into log file vulnerability in Trends. |
| CVE-2026-2605 |  |  | 0.00 | — | 0.00 |  | Feb 19, 2026 | Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS. |
| CVE-2026-2408 |  |  | 0.00 | — | 0.00 |  | Feb 19, 2026 | Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension. |
| CVE-2026-2435 |  |  | 0.00 | — | 0.00 |  | Feb 19, 2026 | Tanium addressed a SQL injection vulnerability in Asset. |
| CVE-2026-1344 |  |  | 0.00 | — | 0.00 |  | Feb 17, 2026 | Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal. |
| CVE-2025-15314 |  |  | 0.00 | — | 0.00 |  | Feb 9, 2026 | Tanium addressed an arbitrary file deletion vulnerability in end-user-cx. |
| CVE-2025-15313 |  |  | 0.00 | — | 0.00 |  | Feb 9, 2026 | Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS. |
| CVE-2025-15310 |  |  | 0.00 | — | 0.00 |  | Feb 9, 2026 | Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. |
| CVE-2025-15318 |  |  | 0.00 | — | 0.00 |  | Feb 9, 2026 | Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. |
| CVE-2025-15319 |  |  | 0.00 | — | 0.00 |  | Feb 9, 2026 | Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. |
| CVE-2025-15315 |  |  | 0.00 | — | 0.00 |  | Feb 9, 2026 | Tanium addressed a local privilege escalation vulnerability in Tanium Module Server. |
| CVE-2025-15316 |  |  | 0.00 | — | 0.00 |  | Feb 9, 2026 | Tanium addressed a local privilege escalation vulnerability in Tanium Server. |
| CVE-2025-15317 |  |  | 0.00 | — | 0.00 |  | Feb 9, 2026 | Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server. |
| CVE-2025-15320 |  |  | 0.00 | — | 0.00 |  | Feb 6, 2026 | Tanium addressed a denial of service vulnerability in Tanium Client. |
| CVE-2025-15311 |  |  | 0.00 | — | 0.00 |  | Feb 5, 2026 | Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance. |
| CVE-2025-15312 |  |  | 0.00 | — | 0.00 |  | Feb 5, 2026 | Tanium addressed an improper output sanitization vulnerability in Tanium Appliance. |
| CVE-2025-15324 |  |  | 0.00 | — | 0.00 |  | Feb 5, 2026 | Tanium addressed a documentation issue in Engage. |
| CVE-2025-15329 |  |  | 0.00 | — | 0.00 |  | Feb 5, 2026 | Tanium addressed an information disclosure vulnerability in Threat Response. |
| CVE-2025-15332 |  |  | 0.00 | — | 0.00 |  | Feb 5, 2026 | Tanium addressed an information disclosure vulnerability in Threat Response. |
| CVE-2025-15321 |  |  | 0.00 | — | 0.00 |  | Feb 5, 2026 | Tanium addressed an improper input validation vulnerability in Tanium Appliance. |
| CVE-2025-15333 |  |  | 0.00 | — | 0.00 |  | Feb 5, 2026 | Tanium addressed an information disclosure vulnerability in Threat Response. |
| CVE-2025-15334 |  |  | 0.00 | — | 0.00 |  | Feb 5, 2026 | Tanium addressed an information disclosure vulnerability in Threat Response. |
| CVE-2025-15335 |  |  | 0.00 | — | 0.00 |  | Feb 5, 2026 | Tanium addressed an information disclosure vulnerability in Threat Response. |
| CVE-2025-15341 |  |  | 0.00 | — | 0.00 |  | Feb 5, 2026 | Tanium addressed an incorrect default permissions vulnerability in Benchmark. |
| CVE-2025-15340 |  |  | 0.00 | — | 0.00 |  | Feb 5, 2026 | Tanium addressed an incorrect default permissions vulnerability in Comply. |
| CVE-2025-15338 |  |  | 0.00 | — | 0.00 |  | Feb 5, 2026 | Tanium addressed an incorrect default permissions vulnerability in Partner Integration. |
| CVE-2025-15336 |  |  | 0.00 | — | 0.00 |  | Feb 5, 2026 | Tanium addressed an incorrect default permissions vulnerability in Performance. |
| CVE-2025-15323 |  |  | 0.00 | — | 0.00 |  | Feb 5, 2026 | Tanium addressed an improper certificate validation vulnerability in Tanium Appliance. |
| CVE-2025-15289 |  |  | 0.00 | — | 0.00 |  | Feb 5, 2026 | Tanium addressed an improper access controls vulnerability in Interact. |
| CVE-2025-15322 |  |  | 0.00 | — | 0.00 |  | Jan 30, 2026 | Tanium addressed an improper access controls vulnerability in Tanium Server. |
| CVE-2025-15288 |  |  | 0.00 | — | 0.00 |  | Jan 29, 2026 | Tanium addressed an improper access controls vulnerability in Interact. |
| CVE-2025-15344 |  |  | 0.00 | — | 0.00 |  | Jan 28, 2026 | Tanium addressed a SQL injection vulnerability in Asset. |
| CVE-2025-13225 |  |  | 0.00 | — | 0.00 |  | Nov 19, 2025 | Tanium addressed an arbitrary file deletion vulnerability in TanOS. |
| CVE-2024-13486 |  |  | 0.00 | — | 0.00 |  | May 15, 2025 | The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in… |
| CVE-2023-2819 |  |  | 0.00 | — | 0.00 |  | Jun 14, 2023 | A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in… |
| CVE-2022-47174 |  |  | 0.00 | — | 0.00 |  | May 25, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions. |
| CVE-2019-7727 |  |  | 0.00 | — | 0.04 |  | Apr 23, 2019 | In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The… |