CVEs

On the Vulnerability Intelligence Overview page, the CVEs tab shows vulnerabilities from Tenable's database. All vulnerabilities appear by default, but you can refine the results with vulnerability categories and the query builder.

The table in the CVEs tab has the following columns, which you can show or hide as described in Interact with a Customizable Table.

Column

Description

CVE ID

Indicates the Common Vulnerability and Exposure (CVE) identifier for the vulnerability, as assigned by the CISA-sponsored CVE Program.

Name Indicates the informal name of the vulnerability (for example, Log4Shell). Not all vulnerabilities have a common name.

VPR

The Tenable-calculated Vulnerability Priority Rating (VPR) score from 0.1 to 10.

CVSS v2

Indicates the CVSS v2 score for the vulnerability. When not available from NVD, Tenable determines this score. To learn more, see CVSS vs. VPR.

CVSS v3

Indicates the CVSS v3 score for the vulnerability. When not available from NVD, Tenable determines this score. To learn more, see CVSS vs. VPR.

CVSS v4

Indicates the CVSS v4 score for the vulnerability. When not available from NVD, Tenable determines this score. To learn more, see CVSS vs. VPR.

EPSS

Indicates the likelihood that the vulnerability will be actively exploited, based on the third-party Exploit Prediction Scoring System (EPSS).

Exploit Maturity

The highest level of exploit maturity for the vulnerability: Unproven, PoC, Functional, or High. Drawn from Tenable’s research, as well as key external sources.

First Discovered

Indicates the date the vulnerability was first identified.

First Exploited

Indicates the date of the vulnerability’s first-known exploitation.

POC

Indicates the date the vulnerability’s first proof of concept was discovered.

Plugins

Lists the IDs for the Tenable plugins that detected the vulnerability.