Rapid7 Completes BSI C5 Type 2 Examination: Stronger Cloud Security for DACH Organizations

If you're a security leader operating in Germany, Austria, or Switzerland, you already know that compliance isn't a checkbox. It's a competitive differentiator. Rapid7 has completed BSI C5 Type 2 attestation for the Rapid7 Command Platform, including Threat Command, and it's a milestone worth...

CVE-2026-2668

A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The...

CVE-2026-2667 Rongzhitong Visual Integrated Command and Dispatch Platform api access control

A vulnerability has been found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. The impacted element is an unknown function of the file /dispatch/api?cmd=userinfo. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit h...

Defend Smarter, Not Harder: The Power of Curated Vulnerability Intelligence

Let’s be honest, we as an industry spend far too long responding to issues that simply don’t matter. Chasing down false positives, reviewing threat intelligence reports that bear no relation to our sector, and more recently reviewing vulnerability advisories of systems not deployed within the...

Rapid7: 7 years of recognition in Gartner® Magic Quadrant™ for SIEM

We’re proud to share that Rapid7 has been recognized in the 2025 Gartner Magic Quadrant for Security Information and Event Management SIEM. This is the seventh year we have been positioned in this report, which means we’ve been recognized in every report following the launch of our SIEM offering,...

EUVD-2024-32295

Malicious code in bioql PyPI...

CVE-2024-3720

A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be...

What’s New in Rapid7 Products & Services: Q4 2024 in Review

This quarter at Rapid7 we continued to make investments across our Command Platform to provide security professionals with a holistic, actionable view of their entire attack surface - from Exposure Management to Detection and Response. Below, we’ve highlighted key releases and updates from the...

What’s New in Rapid7 Products & Services: Q3 2024 in Review

This was one of the most exciting quarters at Rapid7 as we announced the next chapter in our mission to give customers command of their attack surface: the Rapid7 Command Platform, our unified threat exposure and detection and response platform. With this, we introduced two exciting new products:...

Rapid7 Recognized in Forrester’s 2024 Attack Surface Management (ASM) Wave Report

This week, Rapid7 was recognized as a Contender in Forrester’s report, The Forrester WaveTM: Attack Surface Management ASM Solutions Q3 2024. We’re proud to have been selected for inclusion in the report, which to us reflects a continued dedication to enabling customers to: Monitor 100% of their...

Introducing the Rapid7 Command Platform

Integrated Security Operations for the Next-Generation Attack Surface As cybercrime and attack surfaces have sprawled, Rapid7 has been able to grow with our customers because we are relentlessly focused on relevance. The way we see it, relevance doesn’t mean aligning to market definitions of...

CVE-2024-3720

A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be...

CVE-2024-3720 Tianwell Fire Intelligent Command Platform API Interface page sql injection

A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be...

CVE-2024-3720

The CVE-2024-3720 entry details a SQL injection in Tianwell Fire Intelligent Command Platform (version 1.1.1.1) affecting the API Interface component via the /mfsNotice/page path. The root cause is manipulation of the gsdwid parameter, enabling remote exploitation and data exposure/impact as desc...

CVE-2024-3720 Tianwell Fire Intelligent Command Platform API Interface page sql injection

A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be...

Tianwell Fire Intelligent Command Platform 安全漏洞

Tianwell Fire Intelligent Command Platform is a firefighting intelligent command platform from Tianwell, China. A security vulnerability exists in Tianwell Fire Intelligent Command Platform version 1.1.1.1, which stems from an incorrect operation of the parameter gsdwid that can lead to SQL...

Information leakage vulnerability in the integrated management platform for synthetic command and operations

Ltd. was founded in 2011, is one of the manufacturers of police equipment and commercial display systems in China. An information leakage vulnerability exists in the synthetic command and operations integrated management platform, which can be exploited by attackers to obtain sensitive informatio...