31 matches found
Rapid7 Velociraptor 安全漏洞
Rapid7 Velociraptor is a digital forensics and incident response platform provided by Rapid7, Inc. Versions of Rapid7 Velociraptor prior to 0.76.2 contained security vulnerabilities. These vulnerabilities stemmed from improper input validation in the client monitoring message processor running on...
Rapid7 Velociraptor 安全漏洞
Rapid7 Velociraptor is a digital forensics and incident response platform from US-based Rapid7. A security vulnerability exists in Rapid7 Velociraptor versions prior to 0.75.6 that stems from insufficient directory name cleanup on Linux servers, which could lead to directory traversal and file...
Rapid7 Velociraptor Installed (macOS)
Binary data rapid7velociraptormacosinstalled.nbin...
Rapid7 Velociraptor Installed (Windows)
Binary data rapid7velociraptorwininstalled.nbin...
CISA Adds Five Known Exploited Vulnerabilities to Catalog
Updated October 22, 2025 CISA is continually collaborating with partners across government and the private sector. Through this collaboration, CISA has determined that CVE-2025-6264 has not been exploited and there is insufficient evidence to keep this CVE on the KEV and that the best course of...
EUVD-2023-0385
Malicious code in bioql PyPI...
EUVD-2024-33163
Malicious code in bioql PyPI...
CVE-2023-5950
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in...
CVE-2024-10526
Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITEDACL permission to the BUILTIN\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on...
CVE-2024-10526 Rapid7 Velociraptor Local Privilege Escalation In Windows Velociraptor Service
Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITEDACL permission to the BUILTIN\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on...
Rapid7 Velociraptor MSI Installer 安全漏洞
Rapid7 Velociraptor MSI Installer is a unique, advanced, open source endpoint monitoring, digital forensics, and cyber response platform from Rapid7 USA. A security vulnerability exists in Rapid7 Velociraptor MSI Installer prior to version 0.73.3 that originates from the execution of arbitrary co...
CVE-2023-5950 Rapid7 Velociraptor Reflected XSS
This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. We want to thank Mathias Kujala for working with the Velociraptor team to identify and rectify this issue. It has been fixed as of Version 0.7.0-4, released November 6, 2023. CVSS · HIGH ·...
CVE-2023-5950
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed...
Cross site scripting
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed...
CVE-2023-5950 Rapid7 Velociraptor Reflected XSS
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed...
CVE-2023-5950
CVE-2023-5950 – Rapid7 Velociraptor : Reported as a reflected cross-site scripting vulnerability in Velociraptor versions prior to 0.7.0-4, enabling attackers to inject JS via the error path. A fix is available in version 0.7.0-04, with patches also provided for 0.6.9 (0.6.9-1). Several connected...
CVE-2023-5950 Rapid7 Velociraptor Reflected XSS
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed...
CVE-2023-5950 Rapid7 Velociraptor Reflected XSS
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed...
Input validation
Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system a...
Velociraptor subject to Path Traversal
Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server as a server...