Lucene search
K

21 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-14345

Malware in sbrugna...

7.5CVSS7.6AI score0.01028EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-14338

Malware in sbrugna...

7.8CVSS7.6AI score0.00875EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-14341

Malware in sbrugna...

7.8CVSS7.7AI score0.0093EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-15823

Malicious code in bioql PyPI...

4.6CVSS6.6AI score0.00159EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/01 6:25 p.m.6 views

CVE-2025-11195

Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project...

3.3CVSS6.8AI score0.00084EPSS
Exploits0References1
CVE
CVE
added 2025/09/25 2:41 p.m.14 views

CVE-2025-36857

CVE-2025-36857 — Rapid7 Appspider Pro versions prior to 7.5.021 suffer a broken access control in the configuration file loading mechanism. The issue allows a standard user to place custom configuration files in other users’ or projects’ directories, and since files are loaded in alphabetical ord...

3.3CVSS6.4AI score0.00118EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/25 12:0 a.m.6 views

PT-2025-39395

Name of the Vulnerable Software and Affected Versions Rapid7 Appspider Pro versions prior to 7.5.021 Description The application has a broken access control issue in how it loads configuration files. Standard users can add custom configuration files, which are loaded alphabetically and can overri...

3.3CVSS6.6AI score0.00118EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 a.m.9 views

CVE-2025-4951

Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration...

4.6CVSS5.8AI score0.00159EPSS
Exploits0References1
NVD
NVD
added 2025/05/20 9:15 a.m.14 views

CVE-2025-4951

Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration...

4.6CVSS0.00159EPSS
Exploits0References1
CVE
CVE
added 2025/05/20 8:39 a.m.36 views

CVE-2025-4951

CVE-2025-4951 affects Rapid7 AppSpider Pro prior to version 7.5.018. A stored cross-site scripting vulnerability exists in the ScanName field; the app prevents special characters but this can be bypassed by directly modifying the configuration file. Impact described: stored XSS risk in ScanName w...

4.6CVSS5.8AI score0.00159EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/20 8:39 a.m.9 views

CVE-2025-4951

Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration...

4.6CVSS4.4AI score0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/20 8:39 a.m.22 views

CVE-2025-4951

Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration...

4.6CVSS0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.10 views

Rapid7 AppSpider Pro 安全漏洞

Rapid7 AppSpider Pro is a dynamic application security testing solution from Rapid7, Inc. that allows you to scan Web and mobile applications for vulnerabilities. A security vulnerability exists in Rapid7 AppSpider Pro versions prior to 7.5.018, which stems from a ScanName field stored cross-site...

4.6CVSS6.4AI score0.00159EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/16 12:0 a.m.4 views

Rapid7 AppSpider Pro 'FLAnalyzer.exe' Buffer Overflow Vulnerability

AppSpider is a DAST solution designed to help application security personnel test applications as part of DevOps and as part of a scheduled scanning program. A buffer overflow vulnerability in the FLAnalyzer.exe component of Rapid7 AppSpider Pro can be exploited by an attacker to cause a denial o...

7.5CVSS7.2AI score0.01028EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/16 12:0 a.m.4 views

Rapid7 AppSpider Pro DLL Preloading Vulnerability (CNVD-2017-10390)

AppSpider is a DAST solution designed to help application security personnel test applications as part of DevOps and as part of a scheduled scanning program. A DLL preloading vulnerability exists in the Rapid7 AppSpider Pro installer, which can be exploited by an attacker to load a malicious DLL...

7.8CVSS6.9AI score0.0093EPSS
Exploits0References1
NVD
NVD
added 2017/05/03 4:59 p.m.20 views

CVE-2017-5240

Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash...

7.5CVSS7.7AI score0.01028EPSS
Exploits0References1
NVD
NVD
added 2017/05/03 4:59 p.m.18 views

CVE-2017-5236

Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...

7.8CVSS7.6AI score0.0093EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/05/03 4:0 p.m.23 views

CVE-2017-5240

Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash...

7.7AI score0.01028EPSS
Exploits0References1
CVE
CVE
added 2017/05/03 4:0 p.m.49 views

CVE-2017-5236

Rapid7 AppSpider Pro installers prior to version 6.14.060 are affected by a DLL preloading vulnerability. The installer can load a malicious DLL from its current working directory, enabling tampering during installation. CNVD-2017-10390 confirms this flaw; CVE-2017-5236 notes the affected pre-6.1...

7.8CVSS7.5AI score0.0093EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2017/03/02 8:59 p.m.16 views

Code injection

Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...

6.8CVSS7.5AI score0.00875EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder