Tenable recently worked with Synacktiv to perform security testing for Nessus, as part of an ongoing initiative to proactively address security issues. During the test, their team found two issues that may impact a Nessus vulnerability scanner. Both issues require user authentication to exploit: CVE-2016-82012 - Stored XSS CVE-2016-82013 - XML External Entity (XXE) Expansion DoS Note that the CVSS score reflects the higher of the two issues (XXE). Further, Tenable strongly recommends that these products be installed on a subnet that is not Internet addressable.
Vulmon