Lucene search
K

66 matches found

Cvelist
Cvelist
added 2026/06/26 1:59 a.m.40 views

CVE-2026-8661 Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...

4.8CVSS0.00254EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 1:59 a.m.27 views

CVE-2026-8661

CVE-2026-8661 affects the Rapid7 InsightConnect Markdown Plugin (Linux) up to version 3.1.4. The vulnerability is in the markdown_to_pdf action and combines Server-Side Scripting (XSS) with Server-Side Request Forgery (SSRF). It allows remote attackers to execute JavaScript server-side and to tri...

4.8CVSS6.2AI score0.00254EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 1:59 a.m.10 views

EUVD-2026-39616

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...

4.8CVSS6.2AI score0.00254EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 1:59 a.m.3 views

CVE-2026-8661 Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...

4.8CVSS6.4AI score0.00254EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 2:16 a.m.12 views

CVE-2026-8664

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction...

8.8CVSS0.00833EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 2:16 a.m.11 views

CVE-2026-8666

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

9.8CVSS0.00675EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 2:16 a.m.11 views

CVE-2026-8592

OS Command Injection vulnerability in the processstring action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline...

9.8CVSS0.00675EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:56 a.m.17 views

CVE-2026-8658

CVE-2026-8658 describes an OS Command Injection in the Rapid7 InsightConnect Tcpdump Plugin running on Linux, caused by insufficient input sanitization during shell command construction. The vulnerability affects the plugin’s handling of options and filter parameters, allowing an authenticated at...

8.8CVSS6.2AI score0.00833EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:56 a.m.6 views

CVE-2026-8658

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction...

6CVSS6.2AI score0.00833EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:56 a.m.6 views

EUVD-2026-39163

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction...

6CVSS6.2AI score0.00833EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:51 a.m.6 views

CVE-2026-8662

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

3.3CVSS5.9AI score0.00216EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:51 a.m.6 views

EUVD-2026-39162

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

3.3CVSS5.9AI score0.00216EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:51 a.m.33 views

CVE-2026-8662 Path Traversal in Rapid7 InsightConnect Compression Plugin

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

3.3CVSS0.00216EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:51 a.m.13 views

CVE-2026-8662

CVE-2026-8662 describes a path traversal in the Rapid7 InsightConnect Compression Plugin for Linux, specifically in the create_archive function. An authenticated attacker can craft a filename input that writes to unintended file paths, with the impact limited to file corruption because content ca...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/25 1:35 a.m.20 views

CVE-2026-8666

CVE-2026-8666 describes an OS Command Injection in the traceroute action of the Rapid7 InsightConnect Traceroute Plugin on Linux. The vulnerability arises from insufficient input validation when constructing shell commands, allowing remote attackers to execute arbitrary OS commands via parameters...

9.8CVSS6.3AI score0.00675EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 1:35 a.m.33 views

CVE-2026-8666 OS Command Injection in Rapid7 InsightConnect Traceroute Plugin

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

7.7CVSS0.00675EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:35 a.m.7 views

EUVD-2026-39161

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:32 a.m.34 views

CVE-2026-8592 OS Command Injection in Rapid7 InsightConnect AWK Plugin

OS Command Injection vulnerability in the processstring action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline...

7.7CVSS0.00675EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:32 a.m.5 views

CVE-2026-8592

OS Command Injection vulnerability in the processstring action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:32 a.m.15 views

CVE-2026-8592

The vulnerability CVE-2026-8592 affects the Rapid7 InsightConnect AWK Plugin (Linux) where the process_string action constructs shell commands unsafely in the processing pipeline, enabling OS command execution via text or expression parameters. This is a remote issue with potential impact on conf...

9.8CVSS6.3AI score0.00675EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder