Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138

Exploitation is underway for CVE-2022-26138, one of a trio of critical Atlassian vulnerabilities affecting the company's on-premises products.


@rapid7.com | 1 year ago

CVE-2022-26134: Active Exploitation of Atlassian Confluence

On June 2, 2022, Atlassian published an advisory for CVE-2022-26134, a critical unauthenticated RCE vulnerability in Confluence Server and Data Center.


@rapid7.com | 1 year ago

Rapid7 no longer providing free access to SONAR datasets

Our goal for Open Data has been to enable others to participate in these efforts, increasing the positive impact across the community.


@rapid7.com | 2 years ago

Driver-Based Attacks: Past and Present

In our analysis of CVE-2021-21551, we found that Dell’s update didn’t fix the write-what-where condition but only limited access to administrative users.


@rapid7.com | 2 years ago

Widespread Exploitation of Critical Remote Code Execution in Apache Log4j

On December 10, 2021, Apache released a fix for CVE-2021-44228, a critical RCE vulnerability affecting Log4j that is being exploited in the wild.


@rapid7.com | 2 years ago

Rapid7’s Response to Codecov Incident



@rapid7.com | 2 years ago

Java Serialization: A Practical Exploitation Guide

This research report explores how JSOs can be vulnerable to unsafe deserialization vulnerabilities, how Metasploit Framework can help validate, and more.


@rapid7.com | 5 years ago

Oracle Database: Critical Patch Update – April 2018 (CVE-2018-2841)



@rapid7.com | 6 years ago