Vulnerabilities in Rapid7
100 results

CVE-2016-9757 | — | In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags ca | EPSS 0.6%
CVE-2018-5559 | LOW | In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return | EPSS 0.6%
CVE-2021-3535 | MEDIUM | Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search f | EPSS 0.6%
CVE-2021-3619 | LOW | Rapid7 Velociraptor Notebooks Authenticated Persistent XSS | EPSS 0.6%
CVE-2026-8660 | HIGH | OS Command Injection in Rapid7 InsightConnect Ping Plugin | EPSS 0.6%
CVE-2026-8592 | HIGH | OS Command Injection in Rapid7 InsightConnect AWK Plugin | EPSS 0.6%
CVE-2026-8666 | HIGH | OS Command Injection in Rapid7 InsightConnect Traceroute Plugin | EPSS 0.6%
CVE-2026-8665 | HIGH | OS Command Injection in Rapid7 InsightConnect Translate Plugin | EPSS 0.6%
CVE-2023-0242 | HIGH | Insufficient permission check in the VQL copy() function | EPSS 0.5%
CVE-2019-5640 | LOW | Rapid7 Nexpose Information Disclosure after logout | EPSS 0.5%
CVE-2017-5243 | — | The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exc | EPSS 0.5%
CVE-2021-31868 | MEDIUM | Rapid7 Nexpose Security Console Ticket Access Authentication Vulnerability | EPSS 0.5%
CVE-2025-14728 | MEDIUM | Rapid7 Velociraptor Directory Traversal Vulnerability | EPSS 0.5%
CVE-2023-5950 | HIGH | Rapid7 Velociraptor Reflected XSS | EPSS 0.5%
CVE-2022-0237 | MEDIUM | Rapid7 Insight Agent Privilege Escalation | EPSS 0.5%
CVE-2023-1699 | MEDIUM | Rapid7 Nexpose Forced Browsing | EPSS 0.4%
CVE-2026-5329 | HIGH | Rapid7 Velociraptor Improper Input Validation in Client Message Handler | EPSS 0.4%
CVE-2022-35630 | — | Unsafe HTML Injection in Artifact Collection Report | EPSS 0.4%
CVE-2022-35632 | — | XSS in User Interface | EPSS 0.4%
CVE-2026-4837 | MEDIUM | Eval Injection in Rapid7 Insight Agent | EPSS 0.4%