Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rapid7 vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2019-5640
Rapid7 Nexpose versions before 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage...
Rapid7 Nexpose
5.3
CVSSv3
CVE-2019-5641
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous ...
Rapid7 Insightvm
7.5
CVSSv3
CVE-2019-5645
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource...
Rapid7 Metasploit
7.1
CVSSv3
CVE-2019-5647
The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it wa...
Rapid7 Appspider
6.5
CVSSv3
CVE-2019-5615
Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files a...
Rapid7 Insightvm
4.9
CVSSv3
CVE-2018-5559
In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue do...
Rapid7 Komand
4.8
CVSSv3
CVE-2021-3619
Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that ...
Rapid7 Velociraptor
8.8
CVSSv3
CVE-2022-0757
Rapid7 Nexpose versions 6.6.93 and previous versions are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated malicious user to manipulate the "ANY" and "OR"...
Rapid7 Nexpose
5.3
CVSSv3
CVE-2022-3913
Rapid7 Nexpose and InsightVM versions 6.6.82 up to and including 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept ...
Rapid7 Nexpose
7.8
CVSSv3
CVE-2020-7381
In Rapid7 Nexpose installer versions before 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called d...
Rapid7 Nexpose
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »