Aggregates CVE and security vulnerability intelligence across all Tenable-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk ssrf, vendor risk sql injection, and vendor risk path handling and related problems; some flaws may lead to vendor impact file overwrite and vendor impact unauthorized access.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-47358 | Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates via hashicorp/go-getter with all default detectors enabled, including FileDetector. An unauthenticated remote attacker can upload an ARM template containing a templateLink.uri or parametersLink.uri fiel | [email protected] | 9.2 | 0.04% | 2026-05-19 | 2026-05-20 |
| CVE-2026-47357 | Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL as remote_url with remote_type set to "http". The URL is passed directly to hashicorp/go-getter (v1.7.5) without validation. Go-getter's HttpGetter supports the X-Terraform-Get response heade | [email protected] | 9.2 | 0.03% | 2026-05-19 | 2026-05-20 |
| CVE-2026-47356 | Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhook_url multipart form parameter. After scanning the uploaded file, Terrascan sends an HTTP POST request to the attacker-controlled URL containing the full scan results as a JSON body, with the attacker-sup | [email protected] | 8.7 | 0.04% | 2026-05-19 | 2026-05-20 |
| CVE-2026-2698 | An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope. | [email protected] | 5.7 | 0.03% | 2026-02-23 | 2026-02-26 |
| CVE-2026-2697 | An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter. | [email protected] | 2.1 | 0.09% | 2026-02-23 | 2026-04-29 |
| CVE-2026-2026 | A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks. | [email protected] | 5.4 | 0.01% | 2026-02-13 | 2026-02-24 |
| CVE-2025-36630 | In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. | [email protected] | 8.4 | 0.06% | 2025-07-02 | 2025-10-15 |
| CVE-2025-36632 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege. | [email protected] | 7.8 | 0.06% | 2025-06-16 | 2025-10-21 |
| CVE-2025-36633 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation. | [email protected] | 8.8 | 0.01% | 2025-06-13 | 2025-10-23 |
| CVE-2025-36631 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. | [email protected] | 8.4 | 0.07% | 2025-06-13 | 2025-10-23 |
| CVE-2025-24917 | In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation. | [email protected] | 7.8 | 0.01% | 2025-05-23 | 2025-10-23 |
| CVE-2025-24916 | When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. | [email protected] | 7.0 | 0.01% | 2025-05-23 | 2025-10-23 |
| CVE-2024-9158 | A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI. | [email protected] | 8.4 | 0.25% | 2024-09-30 | 2024-10-07 |
| CVE-2024-3232 | A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232 | [email protected] | 7.6 | 1.94% | 2024-07-16 | 2025-10-22 |
| CVE-2024-5759 | An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges | [email protected] | 5.4 | 0.64% | 2024-06-12 | 2024-11-21 |
| CVE-2024-1891 | A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page. | [email protected] | 3.5 | 0.21% | 2024-06-12 | 2024-11-21 |
| CVE-2024-1683 | A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services. | [email protected] | 7.3 | 0.03% | 2024-02-23 | 2024-12-17 |
| CVE-2024-1471 | An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks. | [email protected] | 5.9 | 0.16% | 2024-02-14 | 2024-11-21 |
| CVE-2024-1367 | A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host. | [email protected] | 7.2 | 5.10% | 2024-02-14 | 2024-11-21 |
| CVE-2024-0971 | A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content. | [email protected] | 6.5 | 0.12% | 2024-02-07 | 2024-11-21 |