Known Vulnerabilities for products from Rapid7
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Rapid7".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-4837 | Not Provided | | 2026-04-08 | 2026-04-08 |
| CVE-2023-5950 | Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability ... | 6.1 - MEDIUM | 2023-11-06 | 2023-11-14 |
| CVE-2023-2273 | Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsaniti... | 7.5 - HIGH | 2023-04-26 | 2023-05-04 |
| CVE-2023-2226 | Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker... | 5.3 - MEDIUM | 2023-04-21 | 2023-05-03 |
| CVE-2023-1699 | Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker ... | 9.8 - CRITICAL | 2023-03-30 | 2023-11-07 |
| CVE-2023-1306 | An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja te... | 8.8 - HIGH | 2023-03-21 | 2023-11-07 |
| CVE-2023-1305 | An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided thos... | 8.1 - HIGH | 2023-03-21 | 2023-11-07 |
| CVE-2023-1304 | An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform ot... | 8.8 - HIGH | 2023-03-21 | 2023-11-07 |
| CVE-2023-0681 | Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability ... | 6.1 - MEDIUM | 2023-03-20 | 2023-11-07 |
| CVE-2023-0599 | Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of Jav... | 4.8 - MEDIUM | 2023-02-01 | 2023-11-07 |
| CVE-2023-0290 | Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory trave... | 4.3 - MEDIUM | 2023-01-18 | 2023-11-07 |
| CVE-2023-0242 | Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed ... | 8.8 - HIGH | 2023-01-18 | 2023-11-07 |
| CVE-2022-35632 | The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin o... | 4.8 - MEDIUM | 2022-07-29 | 2022-08-04 |
| CVE-2022-35631 | On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to ... | 5.5 - MEDIUM | 2022-07-29 | 2022-08-04 |
| CVE-2022-35630 | A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScr... | 6.1 - MEDIUM | 2022-07-29 | 2022-08-04 |
| CVE-2022-35629 | Due to a bug in the handling of the communication between the client and server, it was possible for one client, already regi... | 5.4 - MEDIUM | 2022-07-29 | 2023-07-21 |
| CVE-2022-4261 | Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This ... | 6.5 - MEDIUM | 2022-12-08 | 2023-11-07 |
| CVE-2022-3913 | Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downl... | 5.3 - MEDIUM | 2023-02-01 | 2023-11-07 |
| CVE-2022-0758 | Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared sca... | 6.1 - MEDIUM | 2022-03-17 | 2022-03-24 |
| CVE-2022-0757 | Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators ... | 8.8 - HIGH | 2022-03-17 | 2022-04-07 |
Known software with vulnerabilities from Rapid7
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Rapid7 | Appspider | 3.8.189 |
| Application | Rapid7 | Appspider Pro | - |
| Application | Rapid7 | Insightappsec | 2017.07.10 |
| Application | Rapid7 | Insightvm | 6.4.31 |
| Application | Rapid7 | Insight Agent | 2.5.2 |
| Application | Rapid7 | Insight Collector | 1.0.15 |
| Application | Rapid7 | Komand | 0.10.0 |
| Application | Rapid7 | Metasploit | 4.11.7 |
| Application | Rapid7 | Nexpose | 5.4 |