
18 matches found

NVD
added 2026/05/15 3:16 a.m. | 8 views

CVE-2026-7373

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started, the metasploitPostgreSQL service would start the postgres.exe child process, which would in turn load an OpenSSL configuration file from a stat...

CVSS 9.3 | EPSS 0.00006
Exploits 0 | References 1

EUVD
added 2026/05/15 2:6 a.m. | 7 views

EUVD-2026-30498

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup of the metasploitPostgreSQL service, the subsequent postgres.exe service attempts to load an OpenSSL configuration file from a non-existent directo...

CVSS 9.3 | AI score 5.9 | EPSS 0.00006
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-28481

Malware in sbrugna...

CVSS 6.1 | AI score 5.8 | EPSS 0.00426
Exploits 1 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-28482

Malware in sbrugna...

CVSS 6.1 | AI score 5.8 | EPSS 0.00426
Exploits 1 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-12637

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 5.4 | EPSS 0.0079
Exploits 0 | References 1

OSV
added 2023/02/01 11:15 p.m. | 3 views

CVE-2023-0599

Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another...

CVSS 4.8 | AI score 5.7 | EPSS 0.0079
Exploits 0 | References 1

Vulnrichment
added 2023/02/01 10:13 p.m. | 4 views

CVE-2023-0599 Rapid7 Metasploit Pro Stored XSS

Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another...

CVSS 6.1 | AI score 6.3 | EPSS 0.0079
Exploits 0 | References 1

CNNVD
added 2023/02/01 12:0 a.m. | 3 views

Rapid7 Metasploit Pro Cross-Site Scripting Vulnerability

Rapid7 Metasploit Pro is a suite of penetration testing software from the US-based Rapid7. A security vulnerability exists in Rapid7 Metasploit Pro 4.21.2 and prior versions, which stems from insufficient JavaScript request string cleanup, and can be exploited by an attacker to execute HTML and...

CVSS 6.1 | AI score 5.5 | EPSS 0.0079
Exploits 0 | References 2

CNVD
added 2020/06/28 12:0 a.m. | 5 views

Rapid7 Metasploit Pro Cross-Site Scripting Vulnerability (CNVD-2021-39049)

Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site scripting vulnerability exists in Rapid7 Metasploit Pro. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this...

CVSS 6.1 | AI score 6 | EPSS 0.00426
Exploits 1 | References 1

CNVD
added 2020/06/28 12:0 a.m. | 6 views

Rapid7 Metasploit Pro Cross-Site Scripting Vulnerability

Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site scripting vulnerability exists in Rapid7 Metasploit Pro. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this...

CVSS 6.1 | AI score 6 | EPSS 0.00426
Exploits 1 | References 1

NVD
added 2020/06/25 6:15 p.m. | 10 views

CVE-2020-7354

Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record...

CVSS 6.1 | EPSS 0.00426
Exploits 1 | References 2

Prion
added 2020/06/25 6:15 p.m. | 15 views

Cross site scripting

Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record o...

CVSS 4.3 | AI score 5.2 | EPSS 0.00426
Exploits 2 | References 2 | Affected Software 1

Prion
added 2020/06/25 6:15 p.m. | 16 views

Cross site scripting

Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record...

CVSS 4.3 | AI score 5.4 | EPSS 0.00426
Exploits 2 | References 2 | Affected Software 1

CVE
added 2020/06/25 5:15 p.m. | 42 views

CVE-2020-7355

CVE-2020-7355 is a stored XSS vulnerability in Rapid7 Metasploit Pro’s discovered scan asset notes field. The issue allows an attacker to inject a script via a specially crafted network service, triggering when a user views the scanned host record in the Metasploit Pro interface. Affected: Metasp...

CVSS 6.1 | AI score 5.5 | EPSS 0.00426
Exploits 1 | References 2 | Affected Software 1

NVD
added 2019/11/06 7:15 p.m. | 5 views

CVE-2019-5642

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...

CVSS 3.3 | AI score 4 | EPSS 0.00095
Exploits 0 | References 1

Prion
added 2019/11/06 7:15 p.m. | 19 views

Design/Logic Flaw

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...

CVSS 2.1 | AI score 4.2 | EPSS 0.00095
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2017/10/09 12:0 a.m. | 1 view

Rapid7 Cross-Site Request Forgery Vulnerability

Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site request forgery vulnerability exists in the Web UI in versions prior to Rapid7 Metasploit 4.14.1-20170828. A remote attacker could exploit this vulnerability to cause a denial of service forc...

CVSS 6.5 | AI score 6.3 | EPSS 0.00126
Exploits 4 | References 1

CNVD
added 2017/03/02 12:0 a.m. | 2 views

Rapid7 Metasploit Pro DLL Loading Remote Code Execution Vulnerability

Metasploit Pro is a powerful guided penetration testing platform. A DLL loading remote code execution vulnerability exists in Rapid7 Metasploit Pro prior to version 4.13.0-2017022101, which can be exploited by a remote attacker to execute arbitrary code in the context of an affected application...

CVSS 7.8 | AI score 8.4 | EPSS 0.00189
Exploits 0 | References 1