Tenable

By the Year

In 2026 there have been 1 vulnerability in Tenable with an average score of 8.8 out of ten. Last year, in 2025 Tenable had 5 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Tenable in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 4.50.

Recent Tenable Security Vulnerabilities

CVE	Date	Vulnerability	Products
CVE-2025-36640	Jan 13, 2026	A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges.	Nessus Agent
CVE-2025-36636	Oct 08, 2025	Tenable Security Center <6.7.0 Improper Access Control (Authenticated) In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.	Security Center
CVE-2025-36630	Jul 02, 2025	Tenable Nessus <10.8.5 - Arbitrary Local File Overwrite via Log (SYSTEM PrivEsc) In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.	Nessus
CVE-2025-36625	Apr 18, 2025	Nessus <=10.8.3 Log Entry Manipulation via HTTP In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application.	Nessus
CVE-2025-24914	Apr 18, 2025	Nessus<10.8.4 Windows SUBDIR insecure perms => LPE When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914	Nessus
CVE-2025-24915	Mar 21, 2025	LPE in Nessus Agent <10.8.3 on Windows via insecure non-default install When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories.  This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.	Nessus Agent
CVE-2024-12174	Dec 09, 2024	Tenable Security Center: Improper Certificate Validation in SMTP Server Communication An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.	Security Center
CVE-2024-9158	Sep 30, 2024	Nessus NNM Stored XSS via CLI Injection A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.	Nessus Network Monitor
CVE-2024-5759	Jun 12, 2024	Tenable Security Center: Improper Privilege Management (CVE-2024-5759) An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges	Security Center
CVE-2024-1891	Jun 12, 2024	Tenable Security Center Stored XSS in Scan Result Page A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page.	Security Center
CVE-2024-3292	May 17, 2024	Local Authenticated Race Condition in Windows Nessus Agent Allows Arbitrary Code Execution A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. - CVE-2024-3292	Nessus Agent
CVE-2024-3289	May 17, 2024	Nessus Windows LPE via insecure subdir permissions before 10.7.3 When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.	Nessus
CVE-2024-3290	May 17, 2024	Nessus Windows Auth Local Race Condition Enables Arbitrary Code Exec A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host	Nessus
CVE-2024-3291	May 17, 2024	Nessus Agent <10.6.4 Windows LPE via insecure install path perms When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.	Nessus Agent
CVE-2024-2390	Mar 18, 2024	Priv Esc via Nessus Plugin CVE-2024-2390 As a part of Tenables vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.	Nessus
CVE-2024-1683	Feb 23, 2024	DLL Injection in TIE Secure Relay Host allows local file overwrite A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.	Identity Exposure
CVE-2024-1471	Feb 14, 2024	Security Center Repo Params HTML Injection -> Redirection An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.	Security Center
CVE-2024-1367	Feb 14, 2024	Security Center App: CLI Injection via Logging Params (CVE-2024-1367) A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.	Security Center
CVE-2024-0971	Feb 07, 2024	SQLi in Authenticated Scan DB of Vulnerable Scanner A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.	Nessus
CVE-2024-0955	Feb 07, 2024	Nessus Stored XSS via Proxy Settings: Remote Script Exec (CVE-2024-0955) A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.	Nessus
CVE-2023-6178	Nov 20, 2023	Arbitrary File Write via Nessus Rule Variables (Tenable) An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.	Nessus
CVE-2023-6062	Nov 20, 2023	Nessus remote authenticated file write via rule var overwrite An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.	Nessus
CVE-2023-5624	Oct 26, 2023	Nessus Network Monitor BlindSQLi via Improper Input Validation Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection.	Nessus Network Monitor
CVE-2023-5623	Oct 26, 2023	NNM ACL Misconfiguration Allows Local Privilege Escalation to SYSTEM NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location	Nessus Network Monitor
CVE-2023-5622	Oct 26, 2023	Nessus Network Monitor PrivEsc via Crafted File Replace on Windows Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.	Nessus Network Monitor
CVE-2023-3253	Aug 29, 2023	Improper Auth: Low-Priv Authenticated Attacker Views All Users An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.	Nessus
CVE-2023-3252	Aug 29, 2023	Arbitrary File Write via Logging Variables (CVE-2023-3252) An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.	Nessus
CVE-2023-3251	Aug 29, 2023	Nessus <10.6.0 Pass-Back Vulnerability (SMTP Credentials Exposure) A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0.	Nessus
CVE-2023-2005	Jun 26, 2023	Privilege Escalation via Binary Placement in Tenable Nessus Plugin Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.	Nessus Tenable Io Securitycenter And others...
CVE-2022-4313	Mar 15, 2023	Tenable Scan Policy Config PrivEsc to Execute Arbitrary Commands A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.	Nessus Plugin Feed
CVE-2023-0524	Feb 01, 2023	Privilege Escalation via Env Var Abuse in Tenable Plugin As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055.	Nessus Tenable Io Tenable Sc And others...
CVE-2023-0476	Jan 26, 2023	Tenable.sc LDAP Injection via Blind LDAP in Active Directory A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection.	Tenable Sc
CVE-2023-24493	Jan 26, 2023	Formula Injection in Tenable.sc Report Export A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host.	Tenable Sc
CVE-2023-24494	Jan 26, 2023	Stored XSS in Tenable.sc via Improper Input Validation A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.	Tenable Sc
CVE-2023-24495	Jan 26, 2023	SSRF in Tenable.sc via Improper Session Input Validation A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.	Tenable Sc
CVE-2023-0101	Jan 20, 2023	Privilege Escalation in Nessus 8.10.1-8.15.8 & 10.0.0-10.4.1 via Crafted File A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host.	Nessus
CVE-2022-3499	Oct 31, 2022	Agent-Node linking key disclosure (CVE-2022-3499) An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.	Nessus
CVE-2022-33757	Oct 25, 2022	Nessus Web UI Priv Esc: Read Debug Log Without Rights An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.	Nessus
CVE-2022-28291	Oct 17, 2022	Credential Disclosure via Process Dump in Nessus Ess/Pro Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the nessusd process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers network of assets.	Nessus
CVE-2022-32973	Jun 21, 2022	An authenticated attacker could create an audit file An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.	Nessus
CVE-2022-32974	Jun 21, 2022	An authenticated attacker could read arbitrary files An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.	Nessus
CVE-2022-24828	Apr 13, 2022	Composer is a dependency manager for the PHP programming language Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report.	Tenable Sc
CVE-2022-24785	Apr 04, 2022	Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.	Tenable Sc
CVE-2022-0778	Mar 15, 2022	The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).	Nessus
CVE-2022-23990	Jan 26, 2022	Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.	Nessus
CVE-2022-23852	Jan 24, 2022	Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.	Nessus
CVE-2022-0130	Jan 14, 2022	Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation.	Tenable Sc
CVE-2022-22824	Jan 10, 2022	defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.	Nessus
CVE-2022-22825	Jan 10, 2022	lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.	Nessus
CVE-2022-22823	Jan 10, 2022	build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.	Nessus