Tenable: Security Vulnerabilities
An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
CVSS Score
5.7
EPSS Score
0.0
Published
2026-02-23
An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-02-23
A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-02-13
In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-07-02
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-06-16
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-06-13
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-06-13
In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-05-23
When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
CVSS Score
7.0
EPSS Score
0.0
Published
2025-05-23
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.
CVSS Score
8.4
EPSS Score
0.003
Published
2024-09-30
Page 1