GO-2026-4997 Velocidex Velociraptor has an Incorrect Authorization issue in www.velocidex.com/golang/velociraptor

Velocidex Velociraptor has an Incorrect Authorization issue in www.velocidex.com/golang/velociraptor...

PT-2026-42381

Velocidex Velociraptor has an Incorrect Authorization issue in www.velocidex.com/golang/velociraptor...

Velocidex Velociraptor has an off-by-one error

An off-by-one error CWE-193 in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service DoS via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...

CVE-2026-7573

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

Velociraptor 安全漏洞

Velociraptor is an open-source tool developed by Velocidex, designed for querying and collecting host-based status information using the Velociraptor Query Language VQL. Versions of Velociraptor prior to 0.76.4 contained security vulnerabilities. These vulnerabilities stemmed from a resource...

EUVD-2024-33562

Malicious code in bioql PyPI...

EUVD-2024-51042

Malicious code in bioql PyPI...

Velociraptor 安全漏洞

Velociraptor is a Velocidex open source tool for collecting host-based state information using Velociraptor Query Language VQL queries. A security vulnerability exists in Velociraptor that stems from the failure of the Admin.Client.UpdateClientConfig artifact to enforce additional privileges, whi...

Velociraptor 安全漏洞

Velociraptor is a Velocidex open source tool for collecting host-based state information using Velociraptor Query Language VQL queries. A security vulnerability exists in Velociraptor versions prior to 0.73.4 that stems from improper access control and allows execution of the execve plugin...

CVE-2024-10972

Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being...

CVE-2024-12668

Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the...

CVE-2024-10972

Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being...

CVE-2024-12668

Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the...

CVE-2024-12668 Velocidex WinPmem Out of Bounds Write Vulnerability

Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the...

CVE-2024-12668

Velocidex WinPmem

CVE-2024-12668 Velocidex WinPmem Out of Bounds Write Vulnerability

Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the...

PT-2024-17709 · Velocidex · Velocidex Winpmem

Name of the Vulnerable Software and Affected Versions: Velocidex WinPmem versions below 4.1 Description: The issue allows a user space program to trick the driver into writing a 0 into any chosen memory location by using an IO Control. In conjunction with information leakage from the WinPmem...

GO-2023-1527 Velociraptor vulnerable to Missing Authorization in www.velocidex.com/golang/velociraptor

Velociraptor vulnerable to Missing Authorization in www.velocidex.com/golang/velociraptor...

Cross-site Scripting (XSS)

github.com/velocidex/velociraptor is vulnerable to Cross-site Scripting. This vulnerability exists because it does not properly validate error paths, allowing an attacker to inject and execute malicious JavaScript in the browser...

Denial Of Service (DoS)

github.com/velocidex/velociraptor is vulnerable to Denial of Service DoS attacks. Due of poor validation in the PE and OLE parsers, an attacker is able to cause the application to crash by processing a deliberately malformed file...