Rapid7

All CVEs

101 total · sorted by risk
  • CVE-2017-17411 · Critical · Dec 21, 2017
    risk 0.74 · cvss 9.8 · epss 0.88

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper…

  • CVE-2016-7547 · Critical · Apr 12, 2017
    risk 0.74 · cvss 9.8 · epss 0.93

    A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.

  • CVE-2017-13696 · Critical · Jan 24, 2018
    risk 0.73 · cvss 9.8 · epss 0.80

    A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server…

  • CVE-2017-17560 · Critical · Dec 12, 2017
    risk 0.73 · cvss 9.8 · epss 0.73

    An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on…

  • CVE-2022-3365 · Critical · Jan 28, 2025
    risk 0.67 · cvss 9.8 · epss 0.02

    Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over the product's custom control…

  • CVE-2025-2611 · Critical · Aug 5, 2025
    risk 0.64 · cvss n/a · epss 0.06

    The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions…

  • CVE-2026-1568 · Critical · Feb 3, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts set up via "Security Console" installations, resulting in full…

  • CVE-2017-5264 · High · Dec 14, 2017
    risk 0.60 · cvss 8.8 · epss 0.03

    Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.

  • CVE-2017-17692 · High · Dec 21, 2017
    risk 0.58 · cvss 7.5 · epss 0.79

    Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property.

  • CVE-2024-10526 · High · Nov 7, 2024
    risk 0.56 · cvss n/a · epss 0.00

    Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\Users group. This allows local users who are not administrators to grant themselves the Full Control…

  • CVE-2026-7373 · High · May 15, 2026
    risk 0.55 · cvss n/a · epss 0.00

    Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL…

  • CVE-2017-5243 · High · Jun 6, 2017
    risk 0.55 · cvss 8.5 · epss 0.01

    The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and…

  • CVE-2026-6290 · High · Apr 15, 2026
    risk 0.52 · cvss 8.0 · epss 0.00

    Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query() plugin, in a notebook cell, to run VQL queries…

  • CVE-2026-6482 · High · Apr 17, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that…

  • CVE-2024-0394 · High · Apr 3, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege escalation vulnerability whereby an authenticated attacker can elevate privileges and execute arbitrary code with SYSTEM privilege. The vulnerability is caused by the product's implementation of…

  • CVE-2017-5236 · High · May 3, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

  • CVE-2017-5235 · High · Mar 2, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

  • CVE-2017-5234 · High · Mar 2, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

  • CVE-2017-5233 · High · Mar 2, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

  • CVE-2017-5232 · High · Mar 2, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

  • CVE-2017-5240 · High · May 3, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash.

  • CVE-2026-5329 · High · Apr 9, 2026
    risk 0.48 · cvss 8.5 · epss 0.00

    Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to arbitrary internal server queues via a…

  • CVE-2017-5230 · High · Mar 2, 2017
    risk 0.47 · cvss 7.2 · epss 0.01

    The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.

  • CVE-2017-5231 · High · Mar 2, 2017
    risk 0.46 · cvss 7.1 · epss 0.01

    All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary…

  • CVE-2017-5229 · High · Mar 2, 2017
    risk 0.46 · cvss 7.1 · epss 0.01

    All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the…

  • CVE-2017-5228 · High · Mar 2, 2017
    risk 0.46 · cvss 7.1 · epss 0.01

    All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the…

  • CVE-2017-15084 · Medium · Oct 6, 2017
    risk 0.45 · cvss 6.5 · epss 0.01

    The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.

  • CVE-2026-8795 · High · Jun 9, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker…

  • CVE-2026-1814 · Medium · Feb 3, 2026
    risk 0.44 · cvss n/a · epss 0.00

    Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword() method. When updating legacy keystore passwords, the application generates a new password with insufficient length (7-12…

  • CVE-2024-3185 · Medium · Apr 23, 2024
    risk 0.44 · cvss 6.8 · epss 0.00

    A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high…

  • CVE-2026-4837 · Medium · Apr 8, 2026
    risk 0.43 · cvss 6.6 · epss 0.00

    An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS (mTLS) to verify commands from the…

  • CVE-2026-4482 · Medium · Apr 10, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in particular, this could potentially lead to exploits, as this exposes agent…

  • CVE-2016-9757 · Medium · Dec 20, 2016
    risk 0.35 · cvss 5.4 · epss 0.01

    In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose…

  • CVE-2024-11401 · Medium · Dec 11, 2024
    risk 0.34 · cvss n/a · epss 0.00

    Rapid7 Insight Platform versions prior to November 13th 2024 suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API…

  • CVE-2026-7573 · Medium · May 6, 2026
    risk 0.33 · cvss 5.0 · epss 0.00

    An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles and permissions) for any user across all organizations by supplying…

  • CVE-2026-7572 · Medium · May 6, 2026
    risk 0.29 · cvss 4.4 · epss 0.00

    An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx…

  • CVE-2017-5244 · Low · Jun 15, 2017
    risk 0.23 · cvss 3.5 · epss 0.01

    Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running…

  • CVE-2020-7350 · Apr 22, 2020
    risk 0.08 · cvss n/a · epss 0.05

    Rapid7 Metasploit Framework versions before 5.0.85 suffer from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or…

  • CVE-2019-5645 · Sep 1, 2020
    risk 0.06 · cvss n/a · epss 0.42

    By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a…

  • CVE-2020-7384 · Oct 29, 2020
    risk 0.05 · cvss n/a · epss 0.31

    Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.

  • CVE-2012-6493 · Feb 4, 2014
    risk 0.03 · cvss n/a · epss 0.02

    Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.

  • CVE-2026-9153 · Jun 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.

  • CVE-2026-9154 · Jun 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter.

  • CVE-2026-9155 · Jun 25, 2026
    risk 0.00 · cvss n/a · epss 0.01

    OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.

  • CVE-2026-8659 · Jun 25, 2026
    risk 0.00 · cvss n/a · epss 0.01

    OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation.

  • CVE-2026-8663 · Jun 24, 2026
    risk 0.00 · cvss n/a · epss 0.01

    OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction.

  • CVE-2025-14728 · Dec 29, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue…

  • CVE-2025-11195 · Sep 30, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the…

  • CVE-2025-36857 · Sep 25, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Rapid7 AppSpider Pro versions below 7.5.021 suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard…

  • CVE-2025-6264 · Jun 20, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions…

Page 1 of 3