Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Rapid7 — Vulnerabilities & Security Advisories 87

Browse all 87 CVE security advisories affecting Rapid7. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Rapid7 operates primarily as a provider of security analytics and vulnerability management solutions, focusing on helping organizations identify, prioritize, and remediate security risks. Historically, its software products have exhibited vulnerabilities typical of complex enterprise applications, including remote code execution, cross-site scripting, and privilege escalation flaws. These issues often stem from improper input validation or insecure default configurations within its InsightVM and Metasploit frameworks. While the company maintains a robust security posture and actively patches disclosed issues, the high volume of recorded CVEs reflects the extensive attack surface inherent in its comprehensive toolset. Notable incidents have generally been resolved through prompt updates, though the frequency of findings underscores the challenges of securing large-scale, feature-rich security platforms. Continuous monitoring and strict access controls remain critical for mitigating these persistent risks.

Found 17 results / 87Clear Filters
Top products by Rapid7: Velociraptor Nexpose Insight Agent AppSpider Pro Metasploit Pro Metasploit Framework InsightVM Metasploit InsightCloudSec AppSpider Insight Platform Komand Metasploit (Pro, Express, and Community editions) Nexpose hardware appliance Nexpose Virtual Appliance Nexpose/InsightVM Security Console InsightAppSec Rapid7 Nexpose Insight Collector Minerva InsightVM/Nexpose Vulnerability Management
CVE IDTitleCVSSSeverityPublished
CVE-2026-6863 HTTP Filestore Endpoints Misapply Permissions Across Organizations — VelociraptorCWE-863 6.8 Medium2026-05-06
CVE-2026-6948 Unbounded Memory Allocation in VQLResponse Result-Set Writer — VelociraptorCWE-770 4.9 Medium2026-05-03
CVE-2026-6290 Velociraptor Query() Plugin Misapplies Permissions To Orgs — VelociraptorCWE-863 8.0 High2026-04-15
CVE-2026-5329 Rapid7 Velociraptor Improper Input Validation in Client Message Handler — VelociraptorCWE-20 8.5 High2026-04-09
CVE-2025-14728 Rapid7 Velociraptor Directory Traversal Vulnerability — VelociraptorCWE-22 6.8 Medium2025-12-29
CVE-2025-6264 Velociraptor priviledge escalation via UpdateConfig artifact — VelociraptorCWE-276 5.5 Medium2025-06-20
CVE-2025-0914 Velociraptor Shell Plugin Prevent_execve Bypass — VelociraptorCWE-281 3.8 Low2025-02-27
CVE-2024-10526 Rapid7 Velociraptor Local Privilege Escalation In Windows Velociraptor Service — VelociraptorCWE-552 7.8AIHighAI2024-11-07
CVE-2023-5950 Rapid7 Velociraptor Reflected XSS — VelociraptorCWE-79 8.6 High2023-11-06
CVE-2023-2226 Velociraptor crashes while parsing some malformed PE or OLE files. — VelociraptorCWE-125 3.3 Low2023-04-21
CVE-2023-0290 Rapid7 Velociraptor directory traversal in client ID parameter — VelociraptorCWE-22 4.3 -2023-01-18
CVE-2023-0242 Insufficient permission check in the VQL copy() function — VelociraptorCWE-269 8.8 -2023-01-18
CVE-2022-35632 XSS in User Interface — VelociraptorCWE-79 4.8 -2022-07-29
CVE-2022-35631 Filesystem race on temporary files — VelociraptorCWE-377 5.5 -2022-07-29
CVE-2022-35630 Unsafe HTML Injection in Artifact Collection Report — VelociraptorCWE-79 5.4 -2022-07-29
CVE-2022-35629 Velociraptor Client ID Spoofing — VelociraptorCWE-287 4.3 -2022-07-29
CVE-2021-3619 Rapid7 Velociraptor Notebooks Authenticated Persistent XSS — VelociraptorCWE-79 3.5 Low2021-08-17

This page lists every published CVE security advisory associated with Rapid7. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.