27 matches found
CVE-2026-1568
Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts set up via "Security Console" installations, resulting in full account takeover. The...
Rapid7 InsightVM Security Vulnerability
Rapid7 InsightVM is a vulnerability scanning and management application developed by Rapid7, Inc. Versions of Rapid7 InsightVM prior to 8.34.0 contain a security vulnerability. The vulnerability stems from a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint. As a...
EUVD-2021-27087
Malware in sbrugna...
EUVD-2019-15216
Malware in sbrugna...
EUVD-2019-15190
Malware in sbrugna...
EUVD-2023-12710
Malicious code in bioql PyPI...
EUVD-2024-47588
Malicious code in bioql PyPI...
CVE-2021-3844
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session...
CVE-2024-6504
Rapid7 InsightVM Console exposure (CVE-2024-6504) affects versions prior to 6.6.261. The root cause is a protection mechanism failure that allows an attacker with network access to the Console to overload or crash it by sending repeated invalid REST requests to port 443, triggering an exception h...
CVE-2024-6504 Rapid7 InsightVM Protection Mechanism Failure
Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe to the Console's port 443, causing the conso...
PT-2024-37675 · Rapid7 · Rapid7 Insightvm Console
Name of the Vulnerable Software and Affected Versions: Rapid7 InsightVM Console versions prior to 6.6.261 Description: The issue is related to a protection mechanism failure, where an attacker with network access can cause the console to overload or crash by sending repeated invalid REST requests...
Rapid7 InsightVM Security Vulnerability
Rapid7 InsightVM is a vulnerability scanning and management application from Rapid7 USA. A security vulnerability exists in Rapid7 InsightVM versions prior to 6.6.244. The vulnerability stems from a sensitive information exposure vulnerability on the login page in maintenance mode, whereby when...
Manage Enterprise Risk at Scale with a Unified, Holistic Approach
The rapid pace of technological change and the attendant rise of cyber threats in both speed and number leave most organizations at a disadvantage. Historically, many firms faced this challenge simply by purchasing more technology in the hopes that the latest threat protection software would keep...
CVE-2021-3844
Rapid7 InsightVM is affected by an insufficient session expiration flaw when an administrator performs a security-related edit on an existing, logged-in user. The issue can allow the attacker who originally captured the credentials to remain logged in after the password or related edit, potential...
CVE-2021-3844 Rapid7 InsightVM Insufficient Session Expiration
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session...
Rapid7 InsightVM Code Issue Vulnerability
Rapid7 InsightVM is a vulnerability scanning and management application from Rapid7 USA. Rapid7 InsightVM suffers from a security vulnerability that stems from an insufficient session expiration when an administrator performs security-related edits on an existing logged-in user...
CVE-2023-0681 Rapid7 Nexpose Uncontrolled URL Redirect
Rapid7 InsightVM versions 6.6.178 and lower suffer from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in t...
Rapid7 InsightVM Input Validation Error Vulnerability
Rapid7 InsightVM is a vulnerability scanning and management application from Rapid7 USA. A security vulnerability exists in Rapid7 InsightVM version 6.6.178 and earlier, which stems from the presence of an open redirection vulnerability that can be exploited by an attacker to redirect users to a...
CVE-2019-5641 Rapid7 InsightVM Information Disclosure after Logout
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by the previous user...