Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Rapid7 — Vulnerabilities & Security Advisories 86

Browse all 86 CVE security advisories affecting Rapid7. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Rapid7 operates primarily as a provider of security analytics and vulnerability management solutions, focusing on helping organizations identify, prioritize, and remediate security risks. Historically, its software products have exhibited vulnerabilities typical of complex enterprise applications, including remote code execution, cross-site scripting, and privilege escalation flaws. These issues often stem from improper input validation or insecure default configurations within its InsightVM and Metasploit frameworks. While the company maintains a robust security posture and actively patches disclosed issues, the high volume of recorded CVEs reflects the extensive attack surface inherent in its comprehensive toolset. Notable incidents have generally been resolved through prompt updates, though the frequency of findings underscores the challenges of securing large-scale, feature-rich security platforms. Continuous monitoring and strict access controls remain critical for mitigating these persistent risks.

Found 9 results / 86Clear Filters
Top products by Rapid7: Velociraptor Nexpose Insight Agent AppSpider Pro Metasploit Framework Metasploit Pro InsightVM Metasploit InsightCloudSec AppSpider Insight Platform Komand Metasploit (Pro, Express, and Community editions) Nexpose hardware appliance Nexpose Virtual Appliance Nexpose/InsightVM Security Console InsightAppSec Rapid7 Nexpose Insight Collector Minerva InsightVM/Nexpose Vulnerability Management
CVE IDTitleCVSSSeverityPublished
CVE-2026-6482 Local Privilege Escalation via OpenSSL configuration file in Insight Agent — Insight AgentCWE-829 7.8AIHighAI2026-04-17
CVE-2026-4482 Insight Agent Private Key Information Disclosure via Inherited File Permissions — Insight AgentCWE-732 7.1 -2026-04-10
CVE-2026-4837 Eval Injection in Rapid7 Insight Agent — Insight AgentCWE-95 6.6 Medium2026-04-08
CVE-2024-3185 Rapid7 Insight Agent Sensitive Key Exposed To Local Users — Insight AgentCWE-1284 6.8 Medium2024-04-23
CVE-2023-2273 Rapid7 Insight Agent Directory Traversal — Insight AgentCWE-22 5.8 Medium2023-04-26
CVE-2022-0237 Rapid7 Insight Agent Privilege Escalation — Insight AgentCWE-264 4.0 Medium2022-03-17
CVE-2021-4016 Rapid7 Insight Agent Improper Access Control — Insight AgentCWE-284 4.0 Medium2022-01-21
CVE-2021-4007 Rapid7 Insight Agent Privilege Escalation — Insight AgentCWE-427 7.8 High2021-12-14
CVE-2019-5629 Rapid7 Insight Agent 权限许可和访问控制问题漏洞 — Insight AgentCWE-427 8.4 -2019-07-13

This page lists every published CVE security advisory associated with Rapid7. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.