41 matches found
CVE-2026-6482
The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...
EUVD-2026-23376
The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...
CVE-2026-6482
The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...
CVE-2026-6482 Local Privilege Escalation via OpenSSL configuration file in Insight Agent
The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...
Rapid7 Insight Agent 安全漏洞
Rapid7 Insight Agent is a lightweight software developed by Rapid7 Corporation in the United States. This software is designed to collect data from IT assets. Versions of Rapid7 Insight Agent starting from 4.1.0.2 contain security vulnerabilities. These vulnerabilities stem from the agent service...
PT-2026-33413
The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...
EUVD-2026-20505
An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...
CVE-2026-4837 Eval Injection in Rapid7 Insight Agent
An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...
CVE-2026-4837
CVE-2026-4837 concerns an eval() injection in the beaconing logic of the Rapid7 Insight Agent for Linux. Reported across multiple sources, it could theoretically allow remote code execution as root via a crafted beacon response. The internal mechanism relies on mutual TLS (mTLS) to verify command...
PT-2026-31327
Name of the Vulnerable Software and Affected Versions Rapid7 Insight Agent versions affected versions not specified Description A flaw exists in the beaconing logic of the Rapid7 Insight Agent for Linux, potentially allowing an attacker to execute code remotely as root through a crafted beacon...
Rapid7 Insight Agent 安全漏洞
Rapid7 Insight Agent is a lightweight software developed by Rapid7 Corporation in the United States. This software is capable of collecting data from IT assets. Rapid7 Insight Agent has a security vulnerability, which stems from an eval function injection, potentially leading to remote code...
EUVD-2019-15204
Malware in sbrugna...
EUVD-2021-33913
Malicious code in bioql PyPI...
EUVD-2023-33779
Malicious code in bioql PyPI...
EUVD-2022-15432
Malicious code in bioql PyPI...
EUVD-2021-33921
Malicious code in bioql PyPI...
Rapid7 Insight Agent 安全漏洞
Rapid7 Insight Agent is a lightweight software from Rapid7 USA. The software is capable of collecting data from IT assets. Rapid7 Insight Agent has a security vulnerability that stems from the use of a key that does not follow the principle of least privilege by default, allowing a local attacker...
CVE-2023-2273
Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...
Path traversal
Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...
CVE-2023-2273 Rapid7 Insight Agent Directory Traversal
Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...