Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rapid7 security vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-6493
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console prior to 5.5.4 allows remote malicious users to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
Rapid7 Nexpose
Rapid7 Nexpose 5.5.1
Rapid7 Nexpose 5.4.12
Rapid7 Nexpose 5.4.11
Rapid7 Nexpose 5.4.10
Rapid7 Nexpose 5.4.5
Rapid7 Nexpose 5.4.4
Rapid7 Nexpose 5.4.3
Rapid7 Nexpose 5.4.2
Rapid7 Nexpose 5.4.9
Rapid7 Nexpose 5.4.7
Rapid7 Nexpose 5.4
Rapid7 Nexpose 5.4.8
Rapid7 Nexpose 5.4.6
Rapid7 Nexpose 5.4.1
1 EDB exploit
6.1
CVSSv3
CVE-2012-6494
Rapid7 Nexpose prior to 5.5.4 contains a session hijacking vulnerability which allows remote malicious users to capture a user's session and gain unauthorized access.
Rapid7 Nexpose
6.1
CVSSv3
CVE-2021-3535
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through th...
Rapid7 Nexpose
8.8
CVSSv3
CVE-2019-5630
A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 up to and including 6.5.68. This issue allows malicious users to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flig...
Rapid7 Nexpose
5.4
CVSSv3
CVE-2021-31868
Rapid7 Nexpose version 6.6.95 and previous versions allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.
Rapid7 Nexpose
7.8
CVSSv3
CVE-2020-7381
In Rapid7 Nexpose installer versions before 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called d...
Rapid7 Nexpose
4.8
CVSSv3
CVE-2021-3619
Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that ...
Rapid7 Velociraptor
6.5
CVSSv3
CVE-2019-5615
Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files a...
Rapid7 Insightvm
8.8
CVSSv3
CVE-2019-5638
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credent...
Rapid7 Nexpose
5.4
CVSSv3
CVE-2021-3844
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user acc...
Rapid7 Insightvm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »