VYPR

Securitycenter

by Tenable

CVEs (15)

  • CVE-2026-2630 · High · Feb 17, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.

  • CVE-2018-1154 · High · Aug 2, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this…

  • CVE-2017-11508 · High · Nov 2, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the…

  • CVE-2026-2697 · Med · Feb 23, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.

  • CVE-2018-1155 · Med · Aug 2, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to…

  • CVE-2025-36636 · Med · Oct 8, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.

  • CVE-2024-12174 · Low · Dec 9, 2024
    risk 0.18 · cvss 2.7 · epss 0.00

    An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.

  • CVE-2007-2584 · May 10, 2007
    risk 0.04cvss epss 0.10

    Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument.

  • CVE-2026-2698 · Feb 23, 2026
    risk 0.00cvss epss 0.00

    An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.

  • CVE-2024-5759 · Jun 12, 2024
    risk 0.00cvss epss 0.00

    An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges.

  • CVE-2024-1891 · Jun 12, 2024
    risk 0.00cvss epss 0.00

    A stored cross-site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page.

  • CVE-2024-1471 · Feb 14, 2024
    risk 0.00cvss epss 0.00

    An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.

  • CVE-2024-1367 · Feb 14, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.

  • CVE-2023-2005 · Jun 26, 2023
    risk 0.00cvss epss 0.00

    Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center. This issue affects Tenable.Io: before Plugin Feed ID #202306261202; Nessus: before Plugin Feed ID #202306261202; Security Center: before Plugin Feed ID #202306261202. This vulnerability could allow…

  • CVE-2013-5911 · Sep 24, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter.