Lucene search
K

6 matches found

OSV
OSV
added 2026/05/20 7:7 p.m.10 views

GO-2026-4997 Velocidex Velociraptor has an Incorrect Authorization issue in www.velocidex.com/golang/velociraptor

Velocidex Velociraptor has an Incorrect Authorization issue in www.velocidex.com/golang/velociraptor...

6.8CVSS5.8AI score0.00236EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/06 3:33 a.m.14 views

Velocidex Velociraptor has an off-by-one error

An off-by-one error CWE-193 in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service DoS via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...

5.5CVSS5.8AI score0.00142EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 2:15 a.m.21 views

CVE-2026-7573

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

5CVSS5.8AI score0.00255EPSS
Exploits0References2
Veracode
Veracode
added 2023/05/01 9:6 p.m.22 views

Denial Of Service (DoS)

github.com/velocidex/velociraptor is vulnerable to Denial of Service DoS attacks. Due of poor validation in the PE and OLE parsers, an attacker is able to cause the application to crash by processing a deliberately malformed file...

5.3CVSS5.5AI score0.00384EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/01/18 12:0 a.m.4 views

Velocidex Velociraptor 路径遍历漏洞

Velocidex Velociraptor is a tool from Velocidex Australia that collects host-based state information using Velociraptor Query Language VQL queries. A security vulnerability exists in Velocidex Velociraptor that stems from the Rapid7 Velociraptor not properly cleaning up the client ID parameter of...

4.3CVSS5AI score0.00744EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/18 12:0 a.m.30 views

Velocidex Velociraptor 安全漏洞

Velocidex Velociraptor is a tool from Velocidex Australia that uses Velociraptor Query Language VQL queries to gather host-based status information. A security vulnerability exists in Velocidex Velociraptor that stems from the fact that Rapid7 Velociraptor allows the creation of users with...

8.8CVSS7.8AI score0.00544EPSS
Exploits0References2
Rows per page
Query Builder