
10 matches found

Cvelist
added 2026/02/03 2:54 p.m., 25 views

CVE-2026-1814 Rapid7 Nexpose Insecure Java Keystore Password Generation

Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword method. When updating legacy keystore passwords, the application generates a new password with insufficient length (7-12 characters) and a static prefix...

6.8 CVSS, 0.00007 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-28508

Malware in sbrugna...

7.8 CVSS, 7.6 AI score, 0.00371 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-14335

Malware in sbrugna...

7.2 CVSS, 7 AI score, 0.00444 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-14369

Malware in sbrugna...

8.8 CVSS, 8.8 AI score, 0.00335 EPSS
Exploits: 4, References: 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-14337

Malware in sbrugna...

7.8 CVSS, 7.7 AI score, 0.00217 EPSS
Exploits: 0, References: 3
NCSC
added 2020/10/20 12:0 a.m., 3 views

Vulnerability fixed in Nexpose

A vulnerability has been fixed in Nexpose. The vulnerability allows an authenticated malicious party to execute an SQL injection and thereby obtain sensitive data. Rapid7 has released updates to fix the vulnerability. More information can be found on the page below:...

8.1 CVSS, 7.6 AI score, 0.00356 EPSS
Exploits: 0
NCSC
added 2020/10/15 12:0 a.m., 2 views

Vulnerability fixed in Rapid7 Nexpose

Rapid7 has fixed a vulnerability in Nexpose. The vulnerability potentially allows a local malicious person to perform a SQL injection attack that could gain access to sensitive data or manipulate data. Rapid7 has released updates to fix the vulnerability in Nexpose 6.6.49. For more...

8.1 CVSS, 6.9 AI score, 0.00356 EPSS
Exploits: 0
Cvelist
added 2017/12/14 9:0 p.m., 16 views

CVE-2017-5264

Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack...

8.9 AI score, 0.00335 EPSS
Exploits: 4, References: 3
CNVD
added 2017/03/03 12:0 a.m., 0 views

Rapid7 Nexpose Static Java Key Vault Cryptographic Vulnerability

Rapid7 Nexpose is a suite of vulnerability management software from Rapid7 USA that can synthesize different scans to deeply probe a network. The software proactively scans configuration environments for errors, vulnerabilities, malware and provides guidance to reduce risk. Rapid7 Nexpose has a...

7.2 CVSS, 7.1 AI score, 0.00444 EPSS
Exploits: 0, References: 1
OSV
added 2016/12/20 10:59 p.m., 3 views

CVE-2016-9757

In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another...

5.4 CVSS, 5.7 AI score
Exploits: 0, References: 2