📦

nessus

Vendor: tenable

Actively Exploited 0 CISA KEV List

PoC / Exploits 9 Code Available

Total RCEs 4 Remote Access

Total CVEs 312 Total Indexed

Avg. EPSS 0.86% Exploit Prob.

Latest CVE CVE-2025-36630 Jul 02

Security Vulnerability Index

Page 6 / 32

5.4 CVSS

CVE-2018-1147

In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, XSS could also occur by altering variables from the Advanced Settings.

EPSS: 0.36%

Severity: MEDIUM

May 18, 2018

7.0 CVSS

CVE-2018-1141

When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.

EPSS: 0.04%

Severity: HIGH

Mar 20, 2018

7.5 CVSS

CVE-2017-18214

Exploit Found

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.

EPSS: 0.23%

Severity: HIGH

Mar 04, 2018

7.4 CVSS

CVE-2017-11506

When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.

EPSS: 0.10%

Severity: HIGH

Aug 09, 2017

5.4 CVSS

CVE-2017-2122

Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS: 0.37%

Severity: MEDIUM

May 12, 2017

7.8 CVSS

CVE-2017-7850

Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.

EPSS: 0.03%

Severity: HIGH

Apr 19, 2017

5.5 CVSS

CVE-2017-7849

Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.

EPSS: 0.03%

Severity: MEDIUM

Apr 19, 2017

7.8 CVSS

CVE-2017-7199

Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.

EPSS: 0.08%

Severity: HIGH

Mar 23, 2017

7.3 CVSS

CVE-2017-6543

Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows.

EPSS: 0.27%

Severity: HIGH

Mar 08, 2017

5.4 CVSS

CVE-2016-9259

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

EPSS: 0.17%

Severity: MEDIUM

Feb 28, 2017

Displaying 10 of 312 Total Entries

4 5 6 7 8 ... 32

Total 32 Sections