Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rapid7 metasploit vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-7355
Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when th...
Rapid7 Metasploit
Rapid7 Metasploit 4.17.1
2 Github repositories
3.3
CVSSv3
CVE-2019-5642
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is in...
Rapid7 Metasploit
Rapid7 Metasploit 4.16.0
5.4
CVSSv3
CVE-2020-7354
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when ...
Rapid7 Metasploit
Rapid7 Metasploit 4.17.1
2 Github repositories
7.1
CVSSv3
CVE-2017-5231
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directo...
Rapid7 Metasploit
6.5
CVSSv3
CVE-2017-15084
The web UI in Rapid7 Metasploit prior to 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.
Rapid7 Metasploit
1 EDB exploit
7.3
CVSSv3
CVE-2019-5624
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an malicious user to execute arbitrary code i...
Rapid7 Metasploit
1 Github repository
7.5
CVSSv3
CVE-2019-5645
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource...
Rapid7 Metasploit
7.8
CVSSv3
CVE-2020-7384
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Rapid7 Metasploit
2 Github repositories
4.8
CVSSv3
CVE-2023-0599
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser a...
Rapid7 Metasploit
7.8
CVSSv3
CVE-2020-7350
Rapid7 Metasploit Framework versions prior to 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostn...
Rapid7 Metasploit
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
unprivileged
privilege escalation
CVE-2024-57040
morning
CVE-2025-24801
CVE-2025-24813
CVE-2025-29930
CVE-2024-10442
smartos
CVE-2025-0694
cryptolib
mbconnect24
local users
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »
Vulmon