Shodan
Vulnerabilities
Vulnerable Software
Tenable:  >> Nessus Agent  >> 6.10.6  Security Vulnerabilities
CVE-2026-2026
A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-13
CVE-2025-36632
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-06-16
CVE-2025-36633
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-06-13
CVE-2025-36631
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-06-13
CVE-2023-5847
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.
CVSS Score
6.7
EPSS Score
0.001
Published
2023-11-01
CVE-2021-20118
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.
CVSS Score
6.7
EPSS Score
0.0
Published
2021-09-09
CVE-2021-20117
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118.
CVSS Score
6.7
EPSS Score
0.0
Published
2021-09-09
CVE-2019-16168
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
CVSS Score
6.5
EPSS Score
0.008
Published
2019-09-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved