nessus

Vendor: tenable

Actively Exploited: 0 (CISA KEV List)
PoC / Exploits: 9 (Code Available)
Total RCEs: 4 (Remote Access)
Total CVEs: 312 (Total Indexed)
Avg. EPSS: 0.86% (Exploit Prob.)
Latest CVE: CVE-2025-36630 (Jul 02)

Security Vulnerability Index

5.4 CVSS

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.

EPSS: 0.25%

6.5 CVSS

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

EPSS: 2.71%

5.4 CVSS

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

EPSS: 0.23%

5.0 CVSS

The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.

EPSS: 0.47%

6.9 CVSS

A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program.

EPSS: 0.03%