Every CVE whose affected-product data names Tenable Nessus Agent, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2025-36633 — CVSS 8.8 (high): In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local…
CVE-2025-36631 — CVSS 8.4 (high): In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local…
CVE-2025-36632 — CVSS 7.8 (high): In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM…
CVE-2020-5793 — CVSS 7.8 (high): A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated…
CVE-2021-3450 — CVSS 7.4 (high): The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by…
CVE-2021-20118 — CVSS 6.7 (medium): Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local…
CVE-2023-5847 — CVSS 6.7 (medium): Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate…
CVE-2021-20117 — CVSS 6.7 (medium): Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local…
CVE-2021-20077 — CVSS 6.7 (medium): Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial…
CVE-2019-16168 — CVSS 6.5 (medium): In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a…
CVE-2026-2026 — CVSS 6.1 (medium): A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized…