Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rapid7 vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2019-5640
Rapid7 Nexpose versions before 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage...
Rapid7 Nexpose
5.4
CVSSv3
CVE-2021-31868
Rapid7 Nexpose version 6.6.95 and previous versions allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.
Rapid7 Nexpose
4.8
CVSSv3
CVE-2021-3619
Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that ...
Rapid7 Velociraptor
6.1
CVSSv3
CVE-2021-3535
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through th...
Rapid7 Nexpose
8.8
CVSSv3
CVE-2020-7385
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework ty...
Rapid7 Metasploit
7.8
CVSSv3
CVE-2020-7384
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Rapid7 Metasploit
3 Github repositories
8.1
CVSSv3
CVE-2020-7383
A SQL Injection issue in Rapid7 Nexpose version before 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access.
Rapid7 Nexpose
6.5
CVSSv3
CVE-2020-7358
In AppSpider installer versions before 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called dur...
Rapid7 Appspider
7.8
CVSSv3
CVE-2020-7381
In Rapid7 Nexpose installer versions before 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called d...
Rapid7 Nexpose
6.5
CVSSv3
CVE-2020-7382
Rapid7 Nexpose installer version before 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions before 6.6.40.
Rapid7 Nexpose
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »