This page lists publicly disclosed CVE vulnerabilities affecting tenable security_center (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-2698 | An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope. | [email protected] | 5.7 | 0.21% | 2026-02-23 | 2026-06-17 |
| CVE-2026-2697 | An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter. | [email protected] | 2.1 | 0.21% | 2026-02-23 | 2026-06-17 |
| CVE-2024-5759 | An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges | [email protected] | 5.4 | 0.30% | 2024-06-12 | 2026-06-17 |
| CVE-2024-1891 | A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page. | [email protected] | 3.5 | 0.30% | 2024-06-12 | 2026-06-17 |
| CVE-2024-1471 | An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks. | [email protected] | 5.9 | 0.41% | 2024-02-14 | 2026-06-17 |
| CVE-2024-1367 | A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host. | [email protected] | 7.2 | 1.56% | 2024-02-14 | 2026-06-17 |