- How many CVEs does Rapid7 have?
- Rapid7 has 162 published CVE records since 2013, including 36 in the last two years.
- How many Rapid7 CVEs are in CISA KEV?
- Yes — 8 of Rapid7's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Rapid7 products have the most CVEs?
- The Rapid7 products with the most published CVEs are metasploit-framework, Nexpose, Velociraptor, Metasploit, InsightVM.
- What are the most common weakness types in Rapid7 CVEs?
- Rapid7's CVEs most often map to these CWE weakness types: CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')).
- Are there public exploits for Rapid7 vulnerabilities?
- Yes — 68 of Rapid7's CVEs have a known public exploit.
- How many critical Rapid7 vulnerabilities are there?
- Rapid7 has 39 critical and 69 high-severity CVEs.
- What is the average severity of Rapid7 CVEs?
- The average CVSS base score across Rapid7's scored CVEs is 7.6.