6 matches found
GO-2026-4997 Velocidex Velociraptor has an Incorrect Authorization issue in www.velocidex.com/golang/velociraptor
Velocidex Velociraptor has an Incorrect Authorization issue in www.velocidex.com/golang/velociraptor...
Velocidex Velociraptor has an off-by-one error
An off-by-one error CWE-193 in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service DoS via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...
CVE-2026-7573
An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...
Denial Of Service (DoS)
github.com/velocidex/velociraptor is vulnerable to Denial of Service DoS attacks. Due of poor validation in the PE and OLE parsers, an attacker is able to cause the application to crash by processing a deliberately malformed file...
Velocidex Velociraptor 路径遍历漏洞
Velocidex Velociraptor is a tool from Velocidex Australia that collects host-based state information using Velociraptor Query Language VQL queries. A security vulnerability exists in Velocidex Velociraptor that stems from the Rapid7 Velociraptor not properly cleaning up the client ID parameter of...
Velocidex Velociraptor 安全漏洞
Velocidex Velociraptor is a tool from Velocidex Australia that uses Velociraptor Query Language VQL queries to gather host-based status information. A security vulnerability exists in Velocidex Velociraptor that stems from the fact that Rapid7 Velociraptor allows the creation of users with...