rapid7

Top products

The 15 most recently published vulnerabilities affecting rapid7.

• CVE-2026-8795A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is in...7.8Jun 9, 2026
• CVE-2026-6863HTTP Filestore Endpoints Misapply Permissions Across Organizations6.8May 6, 2026
• CVE-2026-7572Velociraptor EVTX Parser — Process Crash via Crafted .evtx File4.4May 6, 2026
• CVE-2026-7573GetUserRoles API endpoint allows any authenticated user to enumerate ACL policies across all organizations5.0May 6, 2026
• CVE-2026-6948Unbounded Memory Allocation in VQLResponse Result-Set Writer4.9May 3, 2026
• CVE-2026-6482Local Privilege Escalation via OpenSSL configuration file in Insight Agent7.8Apr 17, 2026
• CVE-2026-6290Velociraptor Query() Plugin Misapplies Permissions To Orgs8.0Apr 15, 2026
• CVE-2026-4482Insight Agent Private Key Information Disclosure via Inherited File Permissions5.5Apr 10, 2026
• CVE-2026-5329Rapid7 Velociraptor Improper Input Validation in Client Message Handler8.5Apr 9, 2026
• CVE-2026-4837Eval Injection in Rapid7 Insight Agent6.6Apr 8, 2026
• CVE-2026-1568Rapid7 InsightVM Signature Validation Vulnerability9.6Feb 3, 2026
• CVE-2025-14728Rapid7 Velociraptor Directory Traversal Vulnerability6.8Dec 29, 2025
• CVE-2025-11195Rapid7 AppSpider Project Name Validation Bypass3.3Sep 30, 2025
• CVE-2025-36857Rapid7 Appspider Broken Access Control Vulnerability3.3Sep 25, 2025
• CVE-2025-6264Velociraptor priviledge escalation via UpdateConfig artifact5.5Jun 20, 2025