Rapid7 Velociraptor < 0.74.3 Privilege Escalation

The version of Rapid7 Velociraptor installed on the remote host is prior to 0.74.3. It is, therefore, affected by privilege escalation vulnerability: - Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run...

Rapid7 Velociraptor Incorrect Default Permissions Vulnerability

Rapid7 Velociraptor contains an incorrect default permissions vulnerability that can lead to arbitrary command execution and endpoint takeover. To successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint...

SUSE CVE-2025-6264

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch...

Velociraptor vulnerable to privilege escalation via UpdateConfig artifact

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch...

GHSA-GPFC-MPH4-QM24 Velociraptor vulnerable to privilege escalation via UpdateConfig artifact

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch...

CVE-2025-6264

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch...

CVE-2025-6264

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch...

Velociraptor 安全漏洞

Velociraptor is a Velocidex open source tool for collecting host-based state information using Velociraptor Query Language VQL queries. A security vulnerability exists in Velociraptor that stems from the failure of the Admin.Client.UpdateClientConfig artifact to enforce additional privileges, whi...

PT-2025-26266

Name of the Vulnerable Software and Affected Versions Velociraptor affected versions not specified Description The issue concerns the Velociraptor's artifact collection feature, which allows users to collect and execute VQL queries packaged into artifacts from endpoints. These artifacts typically...

CVE-2024-23724: Ghost CMS Stored XSS Leading to Owner Takeover

The post CVE-2024-23724: Ghost CMS Stored XSS Leading to Owner Takeover appeared first on Rhino Security Labs...

DarkGate: New password stealer & cryptomining malware hits Windows devices

By Waqas "DarkGate" malware uses Akamai, AWS DNS records and multiple payloads for cryptomining, credential theft and endpoint takeover. A sophisticated malware campaign has been identified by an enSilo researcher that hasn’t been detected before and is quite advanced than many of the malware...