The Rapid7 Blog:
Your Signal in the Security Noise
Insights, stories, and guidance from our global security and research teams.
Featured posts

Threat Research
CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE
Spencer McIntyre

Exposure Management
QNAP Poisoned XML Command Injection (Silently Patched)
Jake Baines

Threat Research
Primary Arms PII Disclosure via IDOR (FIXED)
Tod Beardsley

Products and Tools
CVE-2022-35629..35632 Velociraptor Multiple Vulnerabilities (FIXED)
Mike Cohen

Vulnerabilities and Exploits
CVE-2022-30526 (Fixed): Zyxel Firewall Local Privilege Escalation
Jake Baines

Exposure Management
CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)
Tod Beardsley

Exposure Management
CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed)
Jake Baines

Threat Research
CVE-2022-32230: Windows SMB Denial-of-Service Vulnerability (FIXED)
Spencer McIntyre

Exposure Management
CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED)
Jake Baines

Vulnerabilities and Exploits
CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
Jake Baines

Exposure Management
CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)
Jake Baines

Exposure Management
CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)
Jake Baines

Threat Research
CVE-2022-1026: Kyocera Net View Address Book Exposure
Tod Beardsley

Threat Research
CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)
Jake Baines

Exposure Management
CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities (FIXED)
Jake Baines
Vulnerabilities and Exploits
CVE-2021-3546[78]: Akkadian Console Server Vulnerabilities (FIXED)
Tod Beardsley
Exposure Management
CVE-2021-3927[67]: Fortress S03 WiFi Home Security System Vulnerabilities
Tod Beardsley

Vulnerabilities and Exploits
Fortinet FortiWeb OS Command Injection
Tod Beardsley

Threat Research
Metasploit Wrap-Up 8/6/21
Matthew Kienow

Products and Tools
Multiple Open Source Web App Vulnerabilities Fixed
Tod Beardsley

Vulnerabilities and Exploits
CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities
Tod Beardsley