VYPR

Appspider Pro

by Rapid7

CVEs (8)

  • CVE-2017-5236HigMay 3, 2017
    risk 0.51cvss 7.8epss 0.01

    Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

  • CVE-2017-5233HigMar 2, 2017
    risk 0.51cvss 7.8epss 0.01

    Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

  • CVE-2017-5240HigMay 3, 2017
    risk 0.49cvss 7.5epss 0.01

    Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash.

  • CVE-2025-11195Sep 30, 2025
    risk 0.00cvss epss 0.00

    Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the…

  • CVE-2025-36857Sep 25, 2025
    risk 0.00cvss epss 0.00

    Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard…

  • CVE-2025-4951May 20, 2025
    risk 0.00cvss epss 0.00

    Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying…

  • CVE-2020-7358Sep 18, 2020
    risk 0.00cvss epss 0.00

    In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called…

  • CVE-2019-5647Jan 22, 2020
    risk 0.00cvss epss 0.00

    The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it…