Rapid7 — Vulnerabilities & Security Advisories (86)

Browse all 86 CVE security advisories affecting Rapid7. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Rapid7 is primarily a vendor of vulnerability management and security analytics products, and its CVE record covers the components that ship into customer environments: the Velociraptor DFIR server and client, the Insight Agent, InsightVM/Nexpose, AppSpider Pro, InsightCloudSec, the Insight Platform and Minerva Armor. The weakness classes recorded below are those typical of complex enterprise software: incorrect authorization and permission handling (CWE-862, CWE-863, CWE-732, CWE-276), path traversal (CWE-22), cross-site scripting (CWE-79), code and eval injection (CWE-94, CWE-95), improper signature verification (CWE-347), weak randomness in credential generation (CWE-331) and unbounded resource allocation (CWE-770). Several of the Insight Agent and Velociraptor entries are local privilege escalations rooted in file permissions or in how configuration is loaded, which matters because endpoint agents of this kind typically run with elevated privileges on every monitored host, so a local flaw in the agent becomes a flaw on the fleet. Rapid7 publishes fixes for disclosed issues; the operational takeaway is to keep agents and consoles current, restrict who can reach management interfaces, and treat the security tooling itself as part of the attack surface to be monitored.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6863 | HTTP Filestore Endpoints Misapply Permissions Across Organizations | Velociraptor | CWE-863 | 6.8 | Medium | 2026-05-06 |
| CVE-2026-6948 | Unbounded Memory Allocation in VQLResponse Result-Set Writer | Velociraptor | CWE-770 | 4.9 | Medium | 2026-05-03 |
| CVE-2026-6482 | Local Privilege Escalation via OpenSSL configuration file in Insight Agent | Insight Agent | CWE-829 | 7.8 (AI) | High (AI) | 2026-04-17 |
| CVE-2026-6290 | Velociraptor Query() Plugin Misapplies Permissions To Orgs | Velociraptor | CWE-863 | 8.0 | High | 2026-04-15 |
| CVE-2026-4482 | Insight Agent Private Key Information Disclosure via Inherited File Permissions | Insight Agent | CWE-732 | 7.1 | - | 2026-04-10 |
| CVE-2026-5329 | Rapid7 Velociraptor Improper Input Validation in Client Message Handler | Velociraptor | CWE-20 | 8.5 | High | 2026-04-09 |
| CVE-2026-4837 | Eval Injection in Rapid7 Insight Agent | Insight Agent | CWE-95 | 6.6 | Medium | 2026-04-08 |
| CVE-2026-1568 | Rapid7 InsightVM Signature Validation Vulnerability | Vulnerability Management | CWE-347 | 9.6 | Critical | 2026-02-03 |
| CVE-2026-1814 | Rapid7 Nexpose Insecure Java Keystore Password Generation | InsightVM/Nexpose | CWE-331 | 9.1 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-14728 | Rapid7 Velociraptor Directory Traversal Vulnerability | Velociraptor | CWE-22 | 6.8 | Medium | 2025-12-29 |
| CVE-2025-11195 | Rapid7 AppSpider Project Name Validation Bypass | AppSpider Pro | CWE-20 | 3.3 | Low | 2025-09-30 |
| CVE-2025-36857 | Rapid7 AppSpider Broken Access Control Vulnerability | AppSpider Pro | CWE-276 | 3.3 | Low | 2025-09-25 |
| CVE-2025-6264 | Velociraptor privilege escalation via UpdateConfig artifact | Velociraptor | CWE-276 | 5.5 | Medium | 2025-06-20 |
| CVE-2025-4951 | Rapid7 AppSpider Pro Security Vulnerability | AppSpider Pro | CWE-79 | 4.6 | Medium | 2025-05-20 |
| CVE-2025-0914 | Velociraptor Shell Plugin Prevent_execve Bypass | Velociraptor | CWE-281 | 3.8 | Low | 2025-02-27 |
| CVE-2024-11401 | Rapid7 Insight Platform Privilege Escalation Vulnerability | Insight Platform | CWE-862 | 8.1 | - | 2024-12-11 |
| CVE-2024-10526 | Rapid7 Velociraptor Local Privilege Escalation In Windows Velociraptor Service | Velociraptor | CWE-552 | 7.8 (AI) | High (AI) | 2024-11-07 |
| CVE-2024-8042 | Rapid7 Insight Platform Unauthorized Empty Group Creation | Insight Platform | CWE-862 | 2.4 | Low | 2024-09-09 |
| CVE-2024-6504 | Rapid7 InsightVM Protection Mechanism Failure | InsightVM | CWE-770 | 4.3 | Medium | 2024-07-18 |
| CVE-2024-3185 | Rapid7 Insight Agent Sensitive Key Exposed To Local Users | Insight Agent | CWE-1284 | 6.8 | Medium | 2024-04-23 |
| CVE-2024-0394 | Rapid7 Minerva Armor Privilege Escalation | Minerva | CWE-862 | 7.8 | High | 2024-04-03 |
| CVE-2024-2745 | Rapid7 InsightVM Sensitive Information Exposure via URL | InsightVM | CWE-598 | 3.3 | Low | 2024-04-02 |
| CVE-2023-5950 | Rapid7 Velociraptor Reflected XSS | Velociraptor | CWE-79 | 8.6 | High | 2023-11-06 |
| CVE-2023-2273 | Rapid7 Insight Agent Directory Traversal | Insight Agent | CWE-22 | 5.8 | Medium | 2023-04-26 |
| CVE-2023-2226 | Velociraptor crashes while parsing some malformed PE or OLE files | Velociraptor | CWE-125 | 3.3 | Low | 2023-04-21 |
| CVE-2023-1699 | Rapid7 Nexpose Forced Browsing | Nexpose | CWE-425 | 4.3 | Medium | 2023-03-30 |
| CVE-2021-3844 | Rapid7 InsightVM Insufficient Session Expiration | InsightVM | CWE-613 | 5.7 | Medium | 2023-03-24 |
| CVE-2023-1306 | Rapid7 InsightCloudSec resource.db() method access | InsightCloudSec | CWE-94 | 8.8 | - | 2023-03-21 |
| CVE-2023-1305 | Rapid7 InsightCloudSec box object access | InsightCloudSec | CWE-653 | 8.1 | - | 2023-03-21 |
| CVE-2023-1304 | Rapid7 InsightCloudSec getattr() method access | InsightCloudSec | CWE-94 | 8.8 | - | 2023-03-21 |

Values marked (AI) carry the site's AI tag in the original listing, i.e. the score or severity is the site's estimate rather than a value taken from the vendor advisory; "-" means no severity was shown. Only the 30 most recent of the 86 advisories are listed here.

This page lists every published CVE security advisory associated with Rapid7. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.
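Advisory tables scraped from aggregator pages like this one rarely arrive as clean records: the extracted rows run product, CWE, score, severity and date together, glue an "AI" tag onto estimated values, and show "-" where no severity was published. The following is an added example, not code from this site or from Rapid7, showing how a practitioner would turn that raw row form into structured records for triage. The sample rows are the raw extracted form of five rows from the listing above; the severity bands used to fill a missing severity are the CVSS v3.x qualitative rating scale (Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0); the record fields, the `triage` ranking and the `inconsistent` check are this example's own design choices.

```python
"""Parse flattened advisory rows into records and build a prioritised triage queue."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Raw extracted form of five rows from the listing above. The site's extraction
# fuses "Product", "CWE-nnn", the score, the severity and the date, appends "AI"
# to values the site estimated, and prints "-" when no severity was published.
SAMPLE_ROWS = [
    "CVE-2026-6863 HTTP Filestore Endpoints Misapply Permissions Across Organizations — VelociraptorCWE-863 6.8 Medium2026-05-06",
    "CVE-2026-6482 Local Privilege Escalation via OpenSSL configuration file in Insight Agent — Insight AgentCWE-829 7.8AIHighAI2026-04-17",
    "CVE-2026-4482 Insight Agent Private Key Information Disclosure via Inherited File Permissions — Insight AgentCWE-732 7.1 -2026-04-10",
    "CVE-2026-1814 Rapid7 Nexpose Insecure Java Keystore Password Generation — InsightVM/NexposeCWE-331 9.1AICriticalAI2026-02-03",
    "CVE-2023-1306 Rapid7 InsightCloudSec resource.db() method access — InsightCloudSecCWE-94 8.8 -2023-03-21",
]

# One anchored pattern for the whole row. The title stops at the first " — ";
# the product runs lazily up to the CWE token, which is what lets the fused
# "Insight AgentCWE-829" be split without a delimiter.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,7})\s+"
    r"(?P<title>.+?)\s+—\s+"
    r"(?P<product>.+?)"
    r"(?P<cwe>CWE-\d+)\s+"
    r"(?P<score>\d{1,2}\.\d)(?P<score_ai>AI)?\s*"
    r"(?P<severity>Critical|High|Medium|Low|-)(?P<sev_ai>AI)?"
    r"(?P<date>\d{4}-\d{2}-\d{2})$"
)


@dataclass
class Advisory:
    cve: str
    title: str
    product: str
    cwe: str
    score: float
    score_estimated: bool      # site tagged the CVSS score as AI-generated
    severity: str
    severity_estimated: bool   # site tagged the severity as AI-generated
    severity_filled: bool      # severity was "-" and was derived from the score
    published: str


def cvss_band(score: float) -> str:
    """Map a base score to the CVSS v3.x qualitative rating scale."""
    if score <= 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def parse_row(line: str) -> Advisory:
    """Parse one raw row; raise ValueError rather than silently mis-assigning fields."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row format: {line!r}")
    score = float(m["score"])
    stated = m["severity"]
    filled = stated == "-"
    return Advisory(
        cve=m["cve"], title=m["title"], product=m["product"], cwe=m["cwe"],
        score=score, score_estimated=m["score_ai"] is not None,
        severity=cvss_band(score) if filled else stated,
        severity_estimated=m["sev_ai"] is not None,
        severity_filled=filled, published=m["date"],
    )


def parse_rows(lines: Iterable[str]) -> List[Advisory]:
    return [parse_row(line) for line in lines if line.strip()]


def inconsistent(adv: Advisory) -> bool:
    """True when a published severity does not match the CVSS band for its score."""
    return not adv.severity_filled and adv.severity != cvss_band(adv.score)


def triage(advs: Iterable[Advisory], min_score: float = 7.0,
           products: Optional[Set[str]] = None) -> List[Advisory]:
    """Highest score first, newest first on ties, optionally limited to some products."""
    picked = [a for a in advs if a.score >= min_score
              and (products is None or a.product in products)]
    return sorted(picked, key=lambda a: (a.score, a.published), reverse=True)


if __name__ == "__main__":
    for a in triage(parse_rows(SAMPLE_ROWS)):
        flags = []
        if a.score_estimated:
            flags.append("score:AI")        # verify against the vendor advisory
        if a.severity_filled:
            flags.append("severity:derived")
        if inconsistent(a):
            flags.append("severity:mismatch")
        print(f"{a.score:4.1f} {a.severity:<8} {a.cve:<15} {a.product:<18} {a.cwe:<8} {' '.join(flags)}")
```

The flags are the point of the exercise: an AI-estimated score should never drive a patching SLA on its own, so the queue carries the tag through to the analyst instead of discarding it, and a derived severity is marked so it is not mistaken for a vendor-published one.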