Every CVE whose affected-product data names Rapid7 Metasploit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2020-7377 — CVSS 8.1 (high): The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal…
CVE-2020-7385 — CVSS 8.1 (high): By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization…
CVE-2017-5235 — CVSS 7.8 (high): Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the…
CVE-2019-5645 — CVSS 7.5 (high): By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary…
CVE-2019-5624 — CVSS 7.3 (high): Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path…
CVE-2017-5228 — CVSS 7.1 (high): All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi…
CVE-2017-5231 — CVSS 7.1 (high): All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi…
CVE-2020-7376 — CVSS 7.1 (high): The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the…
CVE-2017-5229 — CVSS 7.1 (high): All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi…
CVE-2020-7384 — CVSS 7.0 (high): Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would…
CVE-2020-7355 — CVSS 6.1 (medium): Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a…
CVE-2020-7354 — CVSS 6.1 (medium): Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a…
CVE-2020-7350 — CVSS 6.1 (medium): Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin…
CVE-2023-0599 — CVSS 6.1 (medium): Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript…
CVE-2017-5244 — CVSS 3.5 (low): Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have…
CVE-2019-5642 — CVSS 3.3 (low): Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to…