Nmap vulnerabilities
5 known vulnerabilities affecting nmap/nmap.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2013-4885P3MEDIUMCVSS 6.8PoC≤ 6.25v2.1+79 more2013-10-26
CVE-2013-4885 [MEDIUM] CVE-2013-4885: The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is
The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.
nvdosv
CVE-2018-15173P3HIGHCVSS 7.5≤ 7.702018-08-08
CVE-2018-15173 [HIGH] CVE-2018-15173: Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service
Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service.
nvd
CVE-2017-18594P3HIGHCVSS 7.5v7.702019-08-29
CVE-2017-18594 [HIGH] CWE-415 CVE-2017-18594: nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an
nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.
nvdosv
CVE-2026-58058P4MEDIUMCVSS 6.5≤ 7.992026-06-28
CVE-2026-58058 [MEDIUM] CWE-191 CVE-2026-58058: Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_ge
Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a crafted IPv6 response with a truncated extension heade
nvd
CVE-2018-1000161P4MEDIUMCVSS 5.7v6.49v7.00+10 more2018-04-18
CVE-2018-1000161 [MEDIUM] CWE-22 CVE-2018-1000161: nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Tra
nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears t
nvdosv