1324 matches found
EUVD-2023-12710
Malicious code in bioql PyPI...
EUVD-2023-0385
Malicious code in bioql PyPI...
EUVD-2024-48899
Malicious code in bioql PyPI...
CVE-2025-11195
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project...
CVE-2025-11195
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project...
CVE-2025-11195
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project...
CVE-2025-11195 Rapid7 AppSpider Project Name Validation Bypass
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project...
Rapid7 AppSpider Pro 数据伪造问题漏洞
Rapid7 AppSpider Pro is a dynamic application security testing solution from Rapid7, Inc. that allows you to scan Web and mobile applications for vulnerabilities. A data forgery issue vulnerability exists in Rapid7 AppSpider Pro versions prior to 7.5.021, which stems from insufficient project nam...
PT-2025-40014
Name of the Vulnerable Software and Affected Versions Rapid7 AppSpider Pro versions prior to 7.5.021 Description Rapid7 AppSpider Pro versions below 7.5.021 have a project name validation issue. An attacker can modify the project name directly in the configuration file to a name that already exis...
CVE-2025-36857
Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom...
CVE-2025-36857 Rapid7 Appspider Broken Access Control Vulnerability
Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom...
CVE-2025-36857 Rapid7 Appspider Broken Access Control Vulnerability
Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom...
CVE-2025-36857
CVE-2025-36857 — Rapid7 Appspider Pro versions prior to 7.5.021 suffer a broken access control in the configuration file loading mechanism. The issue allows a standard user to place custom configuration files in other users’ or projects’ directories, and since files are loaded in alphabetical ord...
PT-2025-39395
Name of the Vulnerable Software and Affected Versions Rapid7 Appspider Pro versions prior to 7.5.021 Description The application has a broken access control issue in how it loads configuration files. Standard users can add custom configuration files, which are loaded alphabetically and can overri...
metasploit-framework
This is an offensive tool for penetration testing. It is the Metasploit Framework, a comprehensive platform for developing and executing exploits. The framework is written in Ruby and provides a wide range of features for penetration testing, including exploit development, vulnerability scanning,...
Rapid7 named a representative vendor in 2025 Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP)
Being a cloud security professional can feel like you’re caught in the middle of a tug-of-war. On one side, developers, driven by the need for speed and innovation, see security as a potential bottleneck; on the other, business leaders, who are often removed from the technical weeds, have little...
PT-2025-23681 · Undefined · Undefined
@rapid7 re: https://t.co/y9yV1nYcUZ You use CVE-2023-47986 incorrect but link to 2022-47986 correct...
Threats don’t wait, neither should you: Mastering Emergent Threat Response Validation
Cybersecurity is a team sport In cybersecurity, no one fights alone. Defending against modern threats requires seamless collaboration, real-time intelligence, and precision execution—just like a well-coordinated sports team. That’s why Rapid7 Labs and our Vector Command team work together to stay...
CVE-2024-8042
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...
CVE-2023-5950
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in...