Rapid7 Cybersecurity Blog & Latest Vulnerability News

Vulnerabilities and Exploits

CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution Vulnerability

Drew Burton

Vulnerabilities and Exploits

Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)

Rapid7

Vulnerabilities and Exploits

Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign

Rapid7

Vulnerabilities and Exploits

Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)

Ron Bowes

Vulnerabilities and Exploits

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures

Tod Beardsley

Vulnerabilities and Exploits

Microsoft Defender for Cloud Management Port Exposure Confusion

Tod Beardsley

Vulnerabilities and Exploits

CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability

Glenn Thorpe

Vulnerabilities and Exploits

Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)

Tod Beardsley

Vulnerabilities and Exploits

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

Ron Bowes

Vulnerabilities and Exploits

Exploitation of Control Web Panel CVE-2022-44877

Caitlin Condon

Vulnerabilities and Exploits

CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability

Glenn Thorpe

Vulnerabilities and Exploits

Refreshing Rapid7's Coordinated Vulnerability Disclosure Policy

Tod Beardsley

Vulnerabilities and Exploits

CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE

Glenn Thorpe

Vulnerabilities and Exploits

Cengage LTI Session Management Leakage

Tod Beardsley

Vulnerabilities and Exploits

CVE-2022-42475: Critical Unauthenticated Remote Code Execution Vulnerability in FortiOS; Exploitation Reported

Glenn Thorpe

Vulnerabilities and Exploits

CVE-2022-4261: Rapid7 Nexpose Update Validation Issue (FIXED)

Tod Beardsley

Vulnerabilities and Exploits

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures

Ron Bowes

Vulnerabilities and Exploits

Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)

Rapid7

Vulnerabilities and Exploits

Rapid7’s Impact from Apache Commons Text Vulnerability (CVE-2022-42889)

Rapid7

Vulnerabilities and Exploits

CVE-2021-39144: VMware Cloud Foundation Unauthenticated Remote Code Execution

Caitlin Condon

Vulnerabilities and Exploits

CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies

Glenn Thorpe

The Rapid7 Blog:
Your Signal in the Security Noise

Featured posts

Introducing Rapid7 MDR for Microsoft

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

What’s New in Rapid7 Products & Services?

Introducing Rapid7 MDR for Microsoft

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

What’s New in Rapid7 Products & Services?

Categories

Popular Tags

CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution Vulnerability

Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)

Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign

Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures

Microsoft Defender for Cloud Management Port Exposure Confusion

CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability

Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

Exploitation of Control Web Panel CVE-2022-44877

CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability

Refreshing Rapid7's Coordinated Vulnerability Disclosure Policy