Rapid7 — Vulnerabilities & Security Advisories 84

Browse all 84 CVE security advisories affecting Rapid7. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6482 | Local Privilege Escalation via OpenSSL configuration file in Insight Agent — Insight Agent (CWE-829) | 7.8 (AI) | High (AI) | 2026-04-17 |
| CVE-2026-6290 | Velociraptor Query() Plugin Misapplies Permissions To Orgs — Velociraptor (CWE-863) | 8.0 | High | 2026-04-15 |
| CVE-2026-4482 | Insight Agent Private Key Information Disclosure via Inherited File Permissions — Insight Agent (CWE-732) | 7.1 | - | 2026-04-10 |
| CVE-2026-5329 | Rapid7 Velociraptor Improper Input Validation in Client Message Handler — Velociraptor (CWE-20) | 8.5 | High | 2026-04-09 |
| CVE-2026-4837 | Eval Injection in Rapid7 Insight Agent — Insight Agent (CWE-95) | 6.6 | Medium | 2026-04-08 |
| CVE-2026-1568 | Rapid7 InsightVM Signature Validation Vulnerability — Vulnerability Management (CWE-347) | 9.6 | Critical | 2026-02-03 |
| CVE-2026-1814 | Rapid7 Nexpose Insecure Java Keystore Password Generation — InsightVM/Nexpose (CWE-331) | 9.1 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-14728 | Rapid7 Velociraptor Directory Traversal Vulnerability — Velociraptor (CWE-22) | 6.8 | Medium | 2025-12-29 |
| CVE-2025-11195 | Rapid7 AppSpider Project Name Validation Bypass — AppSpider Pro (CWE-20) | 3.3 | Low | 2025-09-30 |
| CVE-2025-36857 | Rapid7 Appspider Broken Access Control Vulnerability — Appspider Pro (CWE-276) | 3.3 | Low | 2025-09-25 |
| CVE-2025-6264 | Velociraptor privilege escalation via UpdateConfig artifact — Velociraptor (CWE-276) | 5.5 | Medium | 2025-06-20 |
| CVE-2025-4951 | Rapid7 AppSpider Pro Security Vulnerability — AppSpider Pro (CWE-79) | 4.6 | Medium | 2025-05-20 |
| CVE-2025-0914 | Velociraptor Shell Plugin Prevent_execve Bypass — Velociraptor (CWE-281) | 3.8 | Low | 2025-02-27 |
| CVE-2024-11401 | Rapid7 Insight Platform Privilege Escalation Vulnerability — Insight Platform (CWE-862) | 8.1 | - | 2024-12-11 |
| CVE-2024-10526 | Rapid7 Velociraptor Local Privilege Escalation In Windows Velociraptor Service — Velociraptor (CWE-552) | 7.8 (AI) | High (AI) | 2024-11-07 |
| CVE-2024-8042 | Rapid7 Insight Platform Unauthorized Empty Group Creation — Insight Platform (CWE-862) | 2.4 | Low | 2024-09-09 |
| CVE-2024-6504 | Rapid7 InsightVM Protection Mechanism Failure — InsightVM (CWE-770) | 4.3 | Medium | 2024-07-18 |
| CVE-2024-3185 | Rapid7 Insight Agent Sensitive Key Exposed To Local Users — Insight Agent (CWE-1284) | 6.8 | Medium | 2024-04-23 |
| CVE-2024-0394 | Rapid7 Minerva Armor Privilege Escalation — Minerva (CWE-862) | 7.8 | High | 2024-04-03 |
| CVE-2024-2745 | Rapid7 InsightVM Sensitive Information Exposure via URL — InsightVM (CWE-598) | 3.3 | Low | 2024-04-02 |
| CVE-2023-5950 | Rapid7 Velociraptor Reflected XSS — Velociraptor (CWE-79) | 8.6 | High | 2023-11-06 |
| CVE-2023-2273 | Rapid7 Insight Agent Directory Traversal — Insight Agent (CWE-22) | 5.8 | Medium | 2023-04-26 |
| CVE-2023-2226 | Velociraptor crashes while parsing some malformed PE or OLE files. — Velociraptor (CWE-125) | 3.3 | Low | 2023-04-21 |
| CVE-2023-1699 | Rapid7 Nexpose Forced Browsing — Nexpose (CWE-425) | 4.3 | Medium | 2023-03-30 |
| CVE-2021-3844 | Rapid7 InsightVM Insufficient Session Expiration — InsightVM (CWE-613) | 5.7 | Medium | 2023-03-24 |
| CVE-2023-1306 | Rapid7 InsightCloudSec resource.db() method access — InsightCloudSec (CWE-94) | 8.8 | - | 2023-03-21 |
| CVE-2023-1305 | Rapid7 InsightCloudSec box object access — InsightCloudSec (CWE-653) | 8.1 | - | 2023-03-21 |
| CVE-2023-1304 | Rapid7 InsightCloudSec getattr() method access — InsightCloudSec (CWE-94) | 8.8 | - | 2023-03-21 |
| CVE-2023-0681 | Rapid7 Nexpose Uncontrolled URL Redirect — Nexpose (CWE-601) | 4.3 | Medium | 2023-03-20 |
| CVE-2023-0599 | Rapid7 Metasploit Pro Stored XSS — Metasploit Pro (CWE-79) | 6.1 | Medium | 2023-02-01 |

This page lists every published CVE security advisory associated with Rapid7. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.