Lucene search
K

31 matches found

CNNVD
CNNVD
added 2026/04/09 12:0 a.m.9 views

Rapid7 Velociraptor 安全漏洞

Rapid7 Velociraptor is a digital forensics and incident response platform provided by Rapid7, Inc. Versions of Rapid7 Velociraptor prior to 0.76.2 contained security vulnerabilities. These vulnerabilities stemmed from improper input validation in the client monitoring message processor running on...

8.5CVSS6.1AI score0.0046EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.7 views

Rapid7 Velociraptor 安全漏洞

Rapid7 Velociraptor is a digital forensics and incident response platform from US-based Rapid7. A security vulnerability exists in Rapid7 Velociraptor versions prior to 0.75.6 that stems from insufficient directory name cleanup on Linux servers, which could lead to directory traversal and file...

6.8CVSS5.8AI score0.00471EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.6 views

Rapid7 Velociraptor Installed (macOS)

Binary data rapid7velociraptormacosinstalled.nbin...

7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/04 12:0 a.m.8 views

Rapid7 Velociraptor Installed (Windows)

Binary data rapid7velociraptorwininstalled.nbin...

7AI score
Exploits0References1
CISA
CISA
added 2025/10/22 12:0 p.m.166 views

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Updated October 22, 2025 CISA is continually collaborating with partners across government and the private sector. Through this collaboration, CISA has determined that CVE-2025-6264 has not been exploited and there is insufficient evidence to keep this CVE on the KEV and that the best course of...

10CVSS9.7AI score0.1938EPSS
Exploits6References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-0385

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00744EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-33163

Malicious code in bioql PyPI...

8.6CVSS6.6AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:6 a.m.10 views

CVE-2023-5950

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in...

8.6CVSS6.1AI score0.00465EPSS
Exploits0References1
NVD
NVD
added 2024/11/07 11:15 a.m.16 views

CVE-2024-10526

Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITEDACL permission to the BUILTIN\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on...

8.6CVSS0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/07 10:18 a.m.21 views

CVE-2024-10526 Rapid7 Velociraptor Local Privilege Escalation In Windows Velociraptor Service

Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITEDACL permission to the BUILTIN\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on...

8.6CVSS0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/07 12:0 a.m.3 views

Rapid7 Velociraptor MSI Installer 安全漏洞

Rapid7 Velociraptor MSI Installer is a unique, advanced, open source endpoint monitoring, digital forensics, and cyber response platform from Rapid7 USA. A security vulnerability exists in Rapid7 Velociraptor MSI Installer prior to version 0.73.3 that originates from the execution of arbitrary co...

8.6CVSS7.2AI score0.00165EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2023/11/10 6:56 p.m.37 views

CVE-2023-5950 Rapid7 Velociraptor Reflected XSS

This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. We want to thank Mathias Kujala for working with the Velociraptor team to identify and rectify this issue. It has been fixed as of Version 0.7.0-4, released November 6, 2023. CVSS · HIGH ·...

5.8CVSS6.8AI score0.00465EPSS
Exploits0
NVD
NVD
added 2023/11/06 3:15 p.m.20 views

CVE-2023-5950

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed...

8.6CVSS8.2AI score0.00465EPSS
Exploits0References1
Prion
Prion
added 2023/11/06 3:15 p.m.20 views

Cross site scripting

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed...

5.8CVSS6.4AI score0.00465EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/06 2:30 p.m.13 views

CVE-2023-5950 Rapid7 Velociraptor Reflected XSS

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed...

8.6CVSS6.1AI score0.00465EPSS
Exploits0References1
CVE
CVE
added 2023/11/06 2:30 p.m.85 views

CVE-2023-5950

CVE-2023-5950 – Rapid7 Velociraptor : Reported as a reflected cross-site scripting vulnerability in Velociraptor versions prior to 0.7.0-4, enabling attackers to inject JS via the error path. A fix is available in version 0.7.0-04, with patches also provided for 0.6.9 (0.6.9-1). Several connected...

8.6CVSS6.9AI score0.00465EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/06 2:30 p.m.26 views

CVE-2023-5950 Rapid7 Velociraptor Reflected XSS

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed...

8.6CVSS8.4AI score0.00465EPSS
Exploits0References1
OSV
OSV
added 2023/11/06 2:30 p.m.15 views

CVE-2023-5950 Rapid7 Velociraptor Reflected XSS

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed...

8.6CVSS6.4AI score0.00465EPSS
Exploits0References3
Prion
Prion
added 2023/04/21 12:15 p.m.16 views

Input validation

Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system a...

5CVSS5.2AI score0.00384EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/19 12:30 a.m.24 views

Velociraptor subject to Path Traversal

Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server as a server...

4.3CVSS5AI score0.00744EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder