Rapid7 — Vulnerabilities & Security Advisories 86

Browse all 86 CVE security advisories affecting Rapid7. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Rapid7 is primarily a vendor of security analytics and vulnerability management products, helping organizations find, prioritize, and remediate security risk. Its own software has historically carried the vulnerability classes typical of complex enterprise applications: cross-site scripting and SQL injection in the Nexpose/InsightVM console, path traversal and deserialization-based code execution in Metasploit Framework modules, privilege escalation via installer and agent path handling (unquoted service paths, DLL search order) in the Insight Agent, Nexpose and AppSpider installers, and authentication and authorization gaps in Velociraptor. Most of these stem from missing or incomplete input validation and permission checks. Rapid7 publishes and patches disclosed issues promptly, and the CVE volume reflects the large attack surface of a feature-rich toolset rather than an unusual defect rate. Because these products run with broad network reach and high privilege (scanners hold credentials, agents run as root or SYSTEM, Metasploit writes target-supplied data to disk), timely updates, strict access control on consoles and agents, and monitoring of the hosts that run them remain the practical mitigations.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-0681 | Rapid7 Nexpose Uncontrolled URL Redirect | Nexpose | CWE-601 | 4.3 | Medium | 2023-03-20 |
| CVE-2023-0599 | Rapid7 Metasploit Pro Stored XSS | Metasploit Pro | CWE-79 | 6.1 | Medium | 2023-02-01 |
| CVE-2022-3913 | Rapid7 Nexpose Certificate Validation Issue | Nexpose | CWE-295 | 5.3 | Medium | 2023-02-01 |
| CVE-2023-0290 | Rapid7 Velociraptor directory traversal in client ID parameter | Velociraptor | CWE-22 | 4.3 | - | 2023-01-18 |
| CVE-2023-0242 | Insufficient permission check in the VQL copy() function | Velociraptor | CWE-269 | 8.8 | - | 2023-01-18 |
| CVE-2017-5242 | Rapid7 Nexpose Virtual Appliance Duplicate SSH Host Key | Nexpose Virtual Appliance | CWE-321 | 7.7 | - | 2023-01-12 |
| CVE-2022-4261 | Rapid7 Nexpose Update Validation Issue | Nexpose | CWE-494 | 4.4 | Medium | 2022-12-07 |
| CVE-2019-5641 | Rapid7 InsightVM Information Disclosure after Logout | InsightVM | CWE-200 | 3.3 | Low | 2022-09-21 |
| CVE-2022-35632 | XSS in User Interface | Velociraptor | CWE-79 | 4.8 | - | 2022-07-29 |
| CVE-2022-35631 | Filesystem race on temporary files | Velociraptor | CWE-377 | 5.5 | - | 2022-07-29 |
| CVE-2022-35630 | Unsafe HTML Injection in Artifact Collection Report | Velociraptor | CWE-79 | 5.4 | - | 2022-07-29 |
| CVE-2022-35629 | Velociraptor Client ID Spoofing | Velociraptor | CWE-287 | 4.3 | - | 2022-07-29 |
| CVE-2022-0758 | Rapid7 Nexpose Reflected XSS | Nexpose | CWE-79 | 3.3 | Low | 2022-03-17 |
| CVE-2022-0757 | Rapid7 Nexpose SQL Injection | Nexpose | CWE-89 | 5.5 | Medium | 2022-03-17 |
| CVE-2022-0237 | Rapid7 Insight Agent Privilege Escalation | Insight Agent | CWE-264 | 4.0 | Medium | 2022-03-17 |
| CVE-2021-4016 | Rapid7 Insight Agent Improper Access Control | Insight Agent | CWE-284 | 4.0 | Medium | 2022-01-21 |
| CVE-2021-4007 | Rapid7 Insight Agent Privilege Escalation | Insight Agent | CWE-427 | 7.8 | High | 2021-12-14 |
| CVE-2019-5640 | Rapid7 Nexpose Information Disclosure after logout | Nexpose | CWE-200 | 3.3 | Low | 2021-11-22 |
| CVE-2021-31868 | Rapid7 Nexpose Security Console Ticket Access Authentication Vulnerability | Nexpose | CWE-306 | 4.3 | Medium | 2021-08-19 |
| CVE-2021-3619 | Rapid7 Velociraptor Notebooks Authenticated Persistent XSS | Velociraptor | CWE-79 | 3.5 | Low | 2021-08-17 |
| CVE-2021-3535 | Rapid7 Nexpose Cross-Site Scripting Vulnerability | Rapid7 Nexpose | CWE-79 | 4.3 | Medium | 2021-06-16 |
| CVE-2020-7385 | Metasploit Framework 'drb_remote_codeexec' code execution | Metasploit Framework | CWE-502 | 8.1 | High | 2021-04-23 |
| CVE-2020-7384 | Client-Side Command Injection in Rapid7 Metasploit | Metasploit | CWE-77 | 7.0 | High | 2020-10-29 |
| CVE-2020-7383 | SQL Injection in Rapid7 Nexpose | Nexpose | CWE-89 | 6.5 | Medium | 2020-10-14 |
| CVE-2020-7358 | Code Injection in Rapid7 AppSpider Pro Installer | AppSpider | CWE-427 | 5.8 | Medium | 2020-09-18 |
| CVE-2020-7382 | Unquoted Path in Rapid7 Nexpose Installer | Nexpose | CWE-428 | 6.8 | Medium | 2020-09-03 |
| CVE-2020-7381 | Code Injection in Rapid7 Nexpose Installer | Nexpose | CWE-94 | 5.8 | Medium | 2020-09-03 |
| CVE-2019-5645 | Rapid7 Metasploit HTTP Handler Denial of Service | Metasploit Framework | CWE-400 | 7.5 | High | 2020-09-01 |
| CVE-2020-7376 | Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module | Metasploit Framework | CWE-23 | 7.1 | High | 2020-08-24 |
| CVE-2020-7377 | Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module | Metasploit Framework | CWE-23 | 8.1 | High | 2020-08-24 |

A "-" in the Severity column means the listing carries no severity label for that entry.
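Two of the listed entries (CVE-2020-7376 and CVE-2020-7377) are CWE-23 relative path traversal in Metasploit post-exploitation modules, where a filename supplied by the compromised target is used to build the local path of a loot file. The following Ruby is an added illustration of that bug class and its fix; it is not Metasploit's or Rapid7's code, and the helper names (`loot_path_vulnerable`, `loot_path_hardened`, `store_loot`) and the sample filenames are constructed for this example.

```ruby
require 'tmpdir'
require 'fileutils'

# Returns true when `path` resolves outside `root` (or is root itself).
# Used as the final containment check regardless of how the name was built.
def escapes_root?(root, path)
  root = File.expand_path(root)
  full = File.expand_path(path)
  !full.start_with?(root + File::SEPARATOR)
end

# Vulnerable (CWE-23): the target-supplied name is joined verbatim, so a
# name like "../../../.ssh/authorized_keys" lands outside the loot directory.
def loot_path_vulnerable(loot_dir, remote_name)
  File.join(loot_dir, remote_name)
end

# Hardened: accept a single path component only (no separators, no "." or
# "..", no NUL), then re-check that the resolved path stays under loot_dir.
def loot_path_hardened(loot_dir, remote_name)
  name = remote_name.to_s
  if name.empty? || name.include?("\0") || name.match?(%r{[/\\]}) ||
     name == '.' || name == '..'
    raise ArgumentError, "rejected target-supplied name #{name.inspect}"
  end
  candidate = File.expand_path(name, loot_dir)
  if escapes_root?(loot_dir, candidate)
    raise ArgumentError, "#{name.inspect} escapes #{loot_dir}"
  end
  candidate
end

# Writes loot through the hardened helper and returns the path written.
def store_loot(loot_dir, remote_name, data)
  path = loot_path_hardened(loot_dir, remote_name)
  FileUtils.mkdir_p(loot_dir)
  File.binwrite(path, data)
  path
end

# Demo over constructed names a malicious target might hand back.
# Returns [name, vulnerable_path_escapes?, hardened_result] per name.
def demo
  Dir.mktmpdir('loot') do |dir|
    names = ['id_rsa', '../../../.ssh/authorized_keys', '/etc/cron.d/x']
    names.map do |n|
      vuln = loot_path_vulnerable(dir, n)
      safe = begin
        loot_path_hardened(dir, n)
      rescue ArgumentError => e
        "REJECTED (#{e.message})"
      end
      [n, escapes_root?(dir, vuln), safe]
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |row| puts row.inspect }
end
```

`File.basename` alone is not enough: it silently maps `../../etc/passwd` to `passwd`, which hides rather than surfaces a hostile target. Rejecting any name with a directory component and then re-checking containment after `File.expand_path` catches both traversal and absolute paths, and the second check still holds if a later refactor loosens the first.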

This page lists every published CVE security advisory associated with Rapid7. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.