
1324 matches found

CNNVD
added 2026/04/08 12:0 a.m. | 4 views

Rapid7 Insight Agent Security Vulnerability

Rapid7 Insight Agent is lightweight software developed by Rapid7 Corporation in the United States. This software is capable of collecting data from IT assets. Rapid7 Insight Agent has a security vulnerability, which stems from an eval function injection, potentially leading to remote code...

CVSS 6.6 | AI score 6.1 | EPSS 0.00332
Exploits 0 | References 2

Rapid7 Blog
added 2026/03/24 4:4 p.m. | 7 views

Rapid7 Completes BSI C5 Type 2 Examination: Stronger Cloud Security for DACH Organizations

If you're a security leader operating in Germany, Austria, or Switzerland, you already know that compliance isn't a checkbox. It's a competitive differentiator. Rapid7 has completed BSI C5 Type 2 attestation for the Rapid7 Command Platform, including Threat Command, and it's a milestone worth...

AI score 5.8
Exploits 0

Circl
added 2026/03/20 1:7 p.m. | 0 views

CVE-2026-31381

creationtimestamp | type | source
---|---|---
2026-03-20 13:07:52+00:00 | seen | https://bsky.app/profile/rapid7.com/post/3mhiljo6zek2g
2026-03-20 16:01:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhivaleean2u
2026-03-20 21:33:07+00:00 | seen | ...

CVSS 5.3 | AI score 5.7 | EPSS 0.00014
Exploits 0 | References 3

Circl
added 2026/03/20 1:7 p.m. | 0 views

CVE-2026-31382

creationtimestamp | type | source
---|---|---
2026-03-20 13:07:52+00:00 | seen | https://bsky.app/profile/rapid7.com/post/3mhiljo6zek2g
2026-03-20 16:11:01+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhivr7fiin2o
2026-03-20 21:33:07+00:00 | seen | ...

CVSS 6.1 | AI score 5.7 | EPSS 0.00017
Exploits 1 | References 3

Rapid7 Blog
added 2026/03/11 5:31 p.m. | 7 views

Rapid7 Detection Coverage for Iran-Linked Cyber Activity

The tension arising out of the conflict in Iran is beginning to show signs of expanding beyond a strictly regional crisis. Following our recently published advisories, this communication is intended to outline and summarize the detection and enrichment coverage available to Rapid7 customers, broadl...

CVSS 10 | AI score 7.4 | EPSS 0.8966
Exploits 57

Rapid7 Blog
added 2026/02/17 4:0 p.m. | 5 views

Building the Future of Cloud Security: Rapid7 Recognized in Cloud Native Application Protection, Q1 2026

We are excited to share Rapid7’s recognition in The Forrester Wave™: Cloud Native Application Protection Solutions (CNAPP), Q1 2026. We see this acknowledgment as a milestone that highlights our strategic evolution and continued drive to help security teams shift from reactive defense to...

AI score 5.8
Exploits 0

Circl
added 2026/02/10 7:29 p.m. | 1 views

CVE-2026-1814

creationtimestamp | type | source
---|---|---
2026-02-10 19:29:41+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/rapid7-security-advisory-av26-108
2026-05-14 17:00:04+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/84239
2026-05-14 21:00:04+00:00 | seen | ...

CVSS 6.8 | AI score 5.8 | EPSS 0.00006
Exploits 0 | References 2

RedhatCVE
added 2026/02/04 7:27 p.m. | 5 views

CVE-2026-1814

Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword method. When updating legacy keystore passwords, the application generates a new password with insufficient length (7-12 characters) and a static prefix...

CVSS 6.8 | AI score 5.5 | EPSS 0.00006
Exploits 0 | References 1

NVD
added 2026/02/03 5:15 p.m. | 4 views

CVE-2026-1568

Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts set up via "Security Console" installations, resulting in full account takeover. The...

CVSS 9.6 | EPSS 0.00021
Exploits 0 | References 1

CVE
added 2026/02/03 4:47 p.m. | 9 views

CVE-2026-1568

Rapid7 InsightVM is affected. In affected releases prior to 8.34.0, a signature verification flaw exists on the ACS cloud endpoint used in the Security Console installations. This flaw allows an attacker to process unsigned assertions and issue session cookies that grant access to targeted user a...

CVSS 9.6 | AI score 5.4 | EPSS 0.00021
Exploits 0 | References 1

NVD
added 2026/02/03 3:16 p.m. | 9 views

CVE-2026-1814

Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword method. When updating legacy keystore passwords, the application generates a new password with insufficient length (7-12 characters) and a static prefix...

CVSS 6.8 | EPSS 0.00006
Exploits 0 | References 1

CVE
added 2026/02/03 2:54 p.m. | 6 views

CVE-2026-1814

CVE-2026-1814 affects Rapid7 Nexpose versions 6.4.50 and later. The root cause is an insufficient entropy issue in Password key generation: CredentialsKeyStorePassword.generateRandomPassword() creates passwords with insufficient length (7–12 chars) and a static prefix 'p', yielding a weak keyspac...

CVSS 6.8 | AI score 5.5 | EPSS 0.00006
Exploits 0 | References 1

ATTACKERKB
added 2026/02/03 2:54 p.m. | 4 views

CVE-2026-1814

Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword method. When updating legacy keystore passwords, the application generates a new password with insufficient length (7-12 characters) and a static prefix...

CVSS 6.8 | AI score 5.5 | EPSS 0.00006
Exploits 0 | References 1 | Affected Software 1

The Hacker News
added 2026/02/03 4:55 a.m. | 11 views

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to...

AI score 6.5
Exploits 0

CNNVD
added 2026/02/03 12:0 a.m. | 3 views

Rapid7 InsightVM Security Vulnerability

Rapid7 InsightVM is a vulnerability scanning and management application developed by Rapid7, Inc. Versions of Rapid7 InsightVM prior to 8.34.0 contain security vulnerabilities. These vulnerabilities stem from issues with signature verification at the cloud point of the consumer service. As a...

CVSS 9.6 | AI score 5.8 | EPSS 0.00021
Exploits 0 | References 2

Positive Technologies
added 2026/02/03 12:0 a.m. | 2 views

PT-2026-6066

Name of the Vulnerable Software and Affected Versions: Rapid7 Nexpose versions 6.4.50 and later
Description: A security issue exists in Rapid7 Nexpose related to insufficient entropy in the CredentialsKeyStorePassword.generateRandomPassword method. This can impact the randomness of generated...

CVSS 6.8 | AI score 5.4 | EPSS 0.00006
Exploits 0 | References 4

CNNVD
added 2026/02/03 12:0 a.m. | 2 views

Rapid7 Nexpose Security Vulnerability

Rapid7 Nexpose is a vulnerability management software developed by Rapid7 Corporation in the United States. It utilizes scan results to deeply detect vulnerabilities in networks. This software supports scanning of configurations, errors, vulnerabilities, and malware. Rapid7 Nexpose versions 6.4.5...

CVSS 6.8 | AI score 5.8 | EPSS 0.00006
Exploits 0 | References 2

Positive Technologies
added 2026/02/03 12:0 a.m. | 3 views

PT-2026-6046

Name of the Vulnerable Software and Affected Versions: Rapid7 InsightVM versions prior to 8.34.0
Description: Rapid7 InsightVM installations utilizing the "Security Console" setup are susceptible to a signature verification flaw on the Assertion Consumer Service (ACS) cloud endpoint. This issue allow...

CVSS 9.6 | AI score 5.5 | EPSS 0.00021
Exploits 0 | References 6

Rapid7 Blog
added 2026/01/14 2:0 p.m. | 5 views

Reducing Cloud Chaos: Rapid7 Partners with ARMO to Deliver Cloud Runtime Security

Rapid7 has partnered with ARMO, a leader in cloud infrastructure and application security based on runtime data, to offer Cloud Runtime Security. The new offering, currently in beta, extends our vulnerability and exposure management solution, Exposure Command, into the moment where cloud risk...

AI score 7.6
Exploits 0

CNNVD
added 2025/12/29 12:0 a.m. | 1 views

Rapid7 Velociraptor Security Vulnerability

Rapid7 Velociraptor is a digital forensics and incident response platform from US-based Rapid7. A security vulnerability exists in Rapid7 Velociraptor versions prior to 0.75.6 that stems from insufficient directory name cleanup on Linux servers, which could lead to directory traversal and file...

CVSS 6.8 | AI score 5.8 | EPSS 0.00214
Exploits 1 | References 2