Lucene search
K

37 matches found

CVE
CVE
added 2026/06/26 1:59 a.m.27 views

CVE-2026-8661

CVE-2026-8661 affects the Rapid7 InsightConnect Markdown Plugin (Linux) up to version 3.1.4. The vulnerability is in the markdown_to_pdf action and combines Server-Side Scripting (XSS) with Server-Side Request Forgery (SSRF). It allows remote attackers to execute JavaScript server-side and to tri...

4.8CVSS6.2AI score0.00254EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 1:59 a.m.40 views

CVE-2026-8661 Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...

4.8CVSS0.00254EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 2:16 a.m.11 views

CVE-2026-8664

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction...

8.8CVSS0.00833EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 2:16 a.m.11 views

CVE-2026-8592

OS Command Injection vulnerability in the processstring action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline...

9.8CVSS0.00675EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:56 a.m.5 views

EUVD-2026-39163

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction...

6CVSS6.2AI score0.00833EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:51 a.m.6 views

CVE-2026-8662

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

3.3CVSS5.9AI score0.00216EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:51 a.m.6 views

EUVD-2026-39162

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

3.3CVSS5.9AI score0.00216EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:51 a.m.12 views

CVE-2026-8662

CVE-2026-8662 describes a path traversal in the Rapid7 InsightConnect Compression Plugin for Linux, specifically in the create_archive function. An authenticated attacker can craft a filename input that writes to unintended file paths, with the impact limited to file corruption because content ca...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/25 1:35 a.m.17 views

CVE-2026-8666

CVE-2026-8666 describes an OS Command Injection in the traceroute action of the Rapid7 InsightConnect Traceroute Plugin on Linux. The vulnerability arises from insufficient input validation when constructing shell commands, allowing remote attackers to execute arbitrary OS commands via parameters...

9.8CVSS6.3AI score0.00675EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/25 1:35 a.m.5 views

EUVD-2026-39161

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:32 a.m.12 views

CVE-2026-8592

The vulnerability CVE-2026-8592 affects the Rapid7 InsightConnect AWK Plugin (Linux) where the process_string action constructs shell commands unsafely in the processing pipeline, enabling OS command execution via text or expression parameters. This is a remote issue with potential impact on conf...

9.8CVSS6.3AI score0.00675EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/25 1:28 a.m.16 views

CVE-2026-8664

Summary (CVE-2026-8664): OS Command Injection in the Rapid7 InsightConnect Finger Plugin for Linux. The vulnerability arises from insufficient input validation in shell command construction, enabling authenticated attackers to execute arbitrary OS commands via the user or host parameters. Affecte...

8.8CVSS6.2AI score0.00833EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 1:28 a.m.33 views

CVE-2026-8664 OS Command Injection in Rapid7 InsightConnect Finger Plugin

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction...

6CVSS0.00833EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 1:16 a.m.7 views

CVE-2026-9155

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation...

8.8CVSS0.00916EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 1:16 a.m.11 views

CVE-2026-9154

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter...

7.1CVSS0.00275EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:12 a.m.5 views

CVE-2026-8665

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:12 a.m.9 views

EUVD-2026-39158

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:12 a.m.30 views

CVE-2026-8665 OS Command Injection in Rapid7 InsightConnect Translate Plugin

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

7.7CVSS0.00675EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 12:52 a.m.16 views

CVE-2026-8660

CVE-2026-8660 describes an OS Command Injection vulnerability in the Linux ping action of the Rapid7 InsightConnect Ping Plugin. The root cause is insufficient input validation when constructing shell commands from the host parameter, enabling remote attackers to execute arbitrary OS commands. Th...

9.8CVSS6.3AI score0.00675EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 12:52 a.m.33 views

CVE-2026-8660 OS Command Injection in Rapid7 InsightConnect Ping Plugin

OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands...

7.7CVSS0.00675EPSS
Exploits0References1
Rows per page
Query Builder