Filtered by vendor Tenable
Subscriptions
Total
166 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24915 | 1 Tenable | 1 Nessus Agent | 2026-02-26 | 7.8 High |
| When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. | ||||
| CVE-2025-24914 | 1 Tenable | 1 Nessus | 2026-02-26 | 7.8 High |
| When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914 | ||||
| CVE-2025-24916 | 2 Microsoft, Tenable | 2 Windows, Nessus Network Monitor | 2026-02-26 | 7 High |
| When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. | ||||
| CVE-2025-24917 | 2 Microsoft, Tenable | 2 Windows, Nessus Network Monitor | 2026-02-26 | 7.8 High |
| In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation. | ||||
| CVE-2025-36633 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2026-02-26 | 8.8 High |
| In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation. | ||||
| CVE-2026-2697 | 1 Tenable | 1 Security Center | 2026-02-26 | 6.3 Medium |
| An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter. | ||||
| CVE-2026-2698 | 1 Tenable | 1 Security Center | 2026-02-26 | 6.5 Medium |
| An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope. | ||||
| CVE-2025-36640 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2026-02-26 | 8.8 High |
| A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges. | ||||
| CVE-2026-2630 | 1 Tenable | 1 Security Center | 2026-02-26 | 8.8 High |
| A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted. | ||||
| CVE-2026-2026 | 2 Microsoft, Tenable | 3 Windows, Agent, Nessus Agent | 2026-02-24 | 6.1 Medium |
| A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks. | ||||
| CVE-2020-11023 | 8 Debian, Drupal, Fedoraproject and 5 more | 78 Debian Linux, Drupal, Fedora and 75 more | 2025-11-07 | 6.9 Medium |
| In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | ||||
| CVE-2021-41184 | 7 Drupal, Fedoraproject, Jqueryui and 4 more | 36 Drupal, Fedora, Jquery Ui and 33 more | 2025-11-04 | 6.5 Medium |
| jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. | ||||
| CVE-2022-24785 | 6 Debian, Fedoraproject, Momentjs and 3 more | 16 Debian Linux, Fedora, Moment and 13 more | 2025-11-03 | 7.5 High |
| Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js. | ||||
| CVE-2021-23358 | 5 Debian, Fedoraproject, Redhat and 2 more | 6 Debian Linux, Fedora, Acm and 3 more | 2025-11-03 | 3.3 Low |
| The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized. | ||||
| CVE-2019-11043 | 6 Canonical, Debian, Fedoraproject and 3 more | 26 Ubuntu Linux, Debian Linux, Fedora and 23 more | 2025-11-03 | 8.7 High |
| In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. | ||||
| CVE-2021-40438 | 11 Apache, Broadcom, Debian and 8 more | 45 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 42 more | 2025-10-27 | 9 Critical |
| A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | ||||
| CVE-2025-36631 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2025-10-23 | 8.4 High |
| In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. | ||||
| CVE-2024-3232 | 1 Tenable | 1 Identity Exposure | 2025-10-22 | 7.6 High |
| A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232 | ||||
| CVE-2025-36632 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2025-10-21 | 7.8 High |
| In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege. | ||||
| CVE-2025-36630 | 2 Microsoft, Tenable | 2 Windows, Nessus | 2025-10-15 | 8.4 High |
| In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. | ||||