Filtered by vendor Rapid7
Subscribe
Total
78 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6493 | 1 Rapid7 | 1 Nexpose | 2026-04-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete. | |||||
| CVE-2026-6482 | 1 Rapid7 | 1 Insight Agent | 2026-04-28 | N/A | 7.8 HIGH |
| The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent’s SYSTEM level access. | |||||
| CVE-2026-5329 | 1 Rapid7 | 1 Velociraptor | 2026-04-28 | N/A | 8.5 HIGH |
| Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to arbitrary internal server queues via a crafted monitoring message with a malicious queue name. The server handler that receives client monitoring messages does not sufficiently validate the queue name supplied by the client, allowing a rogue client to write arbitrary messages to privileged internal queues. This may lead to remote code execution on the Velociraptor server. Rapid7 Hosted Velociraptor instances are not affected by this vulnerability. | |||||
| CVE-2026-6290 | 1 Rapid7 | 1 Velociraptor | 2026-04-23 | N/A | 8.0 HIGH |
| Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query() plugin, in a notebook cell, to run VQL queries on other orgs which they may not have access to. The user's permissions in the other org are the same as the permissions they have in the org containing the notebook. | |||||
| CVE-2025-14728 | 2 Linux, Rapid7 | 2 Linux Kernel, Velociraptor | 2026-02-20 | N/A | 6.8 MEDIUM |
| Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue occurs due to insufficient sanitization of directory names which end with a ".", only encoding the final "." AS "%2E". Although files can be written to incorrect locations, the containing directory must end with "%2E". This limits the impact of this vulnerability, and prevents it from overwriting critical files. | |||||
| CVE-2025-4951 | 1 Rapid7 | 1 Appspider Pro | 2025-12-11 | N/A | 4.6 MEDIUM |
| Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration file directly. This is fixed as of version 7.5.018 | |||||
| CVE-2025-36857 | 1 Rapid7 | 1 Appspider Pro | 2025-12-11 | N/A | 3.3 LOW |
| Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom configuration files. These files, which are loaded in alphabetical order, can override or change the settings of the original configuration files, creating a security vulnerability. This issue stems from improper directory access management. This vulnerability was remediated in version 7.5.021 of the product. | |||||
| CVE-2025-6264 | 1 Rapid7 | 1 Velociraptor | 2025-10-23 | N/A | 5.5 MEDIUM |
| Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch. The Admin.Client.UpdateClientConfig is an artifact used to update the client's configuration. This artifact did not enforce an additional required permission, allowing users with COLLECT_CLIENT permissions (normally given by the "Investigator" role) to collect it from endpoints and update the configuration. This can lead to arbitrary command execution and endpoint takeover. To successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint (i.e. have the COLLECT_CLIENT given typically by the "Investigator' role). | |||||
| CVE-2025-11195 | 1 Rapid7 | 1 Appspider Pro | 2025-10-08 | N/A | 3.3 LOW |
| Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project names when editing them outside the application in affected versions. This vulnerability was remediated in version 7.5.021 of the product. | |||||
| CVE-2024-6504 | 1 Rapid7 | 1 Insightvm | 2025-09-05 | N/A | 4.3 MEDIUM |
| Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261. | |||||
| CVE-2017-5236 | 1 Rapid7 | 1 Appspider Pro | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | |||||
| CVE-2017-5231 | 1 Rapid7 | 1 Metasploit | 2025-04-20 | 5.1 MEDIUM | 7.1 HIGH |
| All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. | |||||
| CVE-2017-5240 | 1 Rapid7 | 1 Appspider Pro | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash. | |||||
| CVE-2017-5243 | 1 Rapid7 | 1 Nexpose | 2025-04-20 | 6.8 MEDIUM | 8.5 HIGH |
| The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks. | |||||
| CVE-2017-5229 | 1 Rapid7 | 1 Metasploit | 2025-04-20 | 5.1 MEDIUM | 7.1 HIGH |
| All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. | |||||
| CVE-2017-5264 | 1 Rapid7 | 1 Nexpose | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack. | |||||
| CVE-2017-5234 | 1 Rapid7 | 1 Insight Collector | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | |||||
| CVE-2017-5233 | 1 Rapid7 | 1 Appspider Pro | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | |||||
| CVE-2017-5235 | 1 Rapid7 | 1 Metasploit | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | |||||
| CVE-2017-5244 | 1 Rapid7 | 1 Metasploit | 2025-04-20 | 3.5 LOW | 3.5 LOW |
| Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks. | |||||