cbcvebase.

Tenable Nessus vulnerabilities

70 known vulnerabilities affecting tenable/nessus.

Total CVEs
70
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL4HIGH28MEDIUM36LOW2

Vulnerabilities

Page 4 of 4
CVE-2014-4980P4MEDIUMCVSS 5.0v5.2.3v5.2.4+3 more2014-07-23
CVE-2014-4980 [MEDIUM] CWE-200 CVE-2014-4980: The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.
nvd
CVE-2014-2848P4MEDIUMCVSS 6.9v5.2.12014-04-11
CVE-2014-2848 [MEDIUM] CWE-362 CVE-2014-2848: A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows loc A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program.
nvd
CVE-2023-3253P4MEDIUMCVSS 4.3fixed in 10.6.02023-08-29
CVE-2023-3253 [MEDIUM] CWE-863 CVE-2023-3253: An improper authorization vulnerability exists where an authenticated, low privileged remote attack An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.
nvd
CVE-2024-0955P4MEDIUMCVSS 4.8fixed in 10.7.02024-02-07
CVE-2024-0955 [MEDIUM] CWE-20 CVE-2024-0955: A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privil A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.
nvd
CVE-2026-57588P4LOWCVSS 3.3fixed in 10.12.1vprior to 10.12.12026-06-25
CVE-2026-57588 [LOW] CWE-89 CVE-2026-57588: A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file tha A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
nvd
CVE-2016-1000029P4MEDIUMCVSS 4.8fixed in 6.8.02019-12-27
CVE-2016-1000029 [MEDIUM] CWE-79 CVE-2016-1000029: Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nes Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).
nvd
CVE-2025-36625P4MEDIUMCVSS 4.3fixed in 10.8.42025-04-18
CVE-2025-36625 [MEDIUM] CWE-117 CVE-2025-36625: In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application.
nvd
CVE-2016-1000028P4MEDIUMCVSS 4.8fixed in 6.8.02019-12-27
CVE-2016-1000028 [MEDIUM] CWE-79 CVE-2016-1000028: Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nes Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198).
nvd
CVE-2017-7849P4MEDIUMCVSS 5.5v6.10.0v6.10.1+3 more2017-04-19
CVE-2017-7849 [MEDIUM] CWE-732 CVE-2017-7849: Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.
nvd
CVE-2019-3962P4LOWCVSS 3.3fixed in 8.5.0vAll versions prior to 8.5.02019-07-01
CVE-2019-3962 [LOW] CWE-79 CVE-2019-3962: Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local a Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed statu
nvd
Tenable Nessus vulnerabilities | cvebase