velociraptor — Vulnerabilities & Security Advisories 19

All 19 CVE vulnerabilities found in velociraptor, with AI-generated Chinese analysis, references, and POCs.

Vendor: Rapid7

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-6863 | HTTP Filestore Endpoints Misapply Permissions Across Organizations | CWE-863 | 6.8 | Medium | 2026-05-06 |
| CVE-2026-7572 | Velociraptor EVTX Parser — Process Crash via Crafted .evtx File | CWE-193 | 4.4 | Medium | 2026-05-06 |
| CVE-2026-7573 | GetUserRoles API endpoint allows any authenticated user to enumerate ACL policies across all organizations | CWE-639 | 5.0 | Medium | 2026-05-06 |
| CVE-2026-6948 | Unbounded Memory Allocation in VQLResponse Result-Set Writer | CWE-770 | 4.9 | Medium | 2026-05-03 |
| CVE-2026-6290 | Velociraptor Query() Plugin Misapplies Permissions To Orgs | CWE-863 | 8.0 | High | 2026-04-15 |
| CVE-2026-5329 | Rapid7 Velociraptor Improper Input Validation in Client Message Handler | CWE-20 | 8.5 | High | 2026-04-09 |
| CVE-2025-14728 | Rapid7 Velociraptor Directory Traversal Vulnerability | CWE-22 | 6.8 | Medium | 2025-12-29 |
| CVE-2025-6264 | Velociraptor privilege escalation via UpdateConfig artifact | CWE-276 | 5.5 | Medium | 2025-06-20 |
| CVE-2025-0914 | Velociraptor Shell Plugin Prevent_execve Bypass | CWE-281 | 3.8 | Low | 2025-02-27 |
| CVE-2024-10526 | Rapid7 Velociraptor Local Privilege Escalation In Windows Velociraptor Service | CWE-552 | 7.8 (AI) | High (AI) | 2024-11-07 |
| CVE-2023-5950 | Rapid7 Velociraptor Reflected XSS | CWE-79 | 8.6 | High | 2023-11-06 |
| CVE-2023-2226 | Velociraptor crashes while parsing some malformed PE or OLE files. | CWE-125 | 3.3 | Low | 2023-04-21 |
| CVE-2023-0290 | Rapid7 Velociraptor directory traversal in client ID parameter | CWE-22 | 4.3 | - | 2023-01-18 |
| CVE-2023-0242 | Insufficient permission check in the VQL copy() function | CWE-269 | 8.8 | - | 2023-01-18 |
| CVE-2022-35632 | XSS in User Interface | CWE-79 | 4.8 | - | 2022-07-29 |
| CVE-2022-35631 | Filesystem race on temporary files | CWE-377 | 5.5 | - | 2022-07-29 |
| CVE-2022-35630 | Unsafe HTML Injection in Artifact Collection Report | CWE-79 | 5.4 | - | 2022-07-29 |
| CVE-2022-35629 | Velociraptor Client ID Spoofing | CWE-287 | 4.3 | - | 2022-07-29 |
| CVE-2021-3619 | Rapid7 Velociraptor Notebooks Authenticated Persistent XSS | CWE-79 | 3.5 | Low | 2021-08-17 |