appsec.fyi · Sources

rapid7.com

7 curated AppSec resources from rapid7.com across 4 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-22.

| Date Added | Year | Resource | Topic | Excerpt |
|---|---|---|---|---|
| 2026-04-22 | 2026 | Grav CMS Twig SSTI Authenticated Sandbox Bypass RCE | SSTI | Module for exploiting CVE-2025-66294, a Grav CMS Twig SSTI vulnerability that bypasses sandbox restrictions for remote code execution. This exploit utilizes weak regex in `cleanDangerousTwig` to handle nested Twig calls and leverages CVE-2025-66301, a broken access control flaw, allowing authenticated users to modify YAML frontmatter for payload injection. |
| 2026-04-19 | 2026 | CVE-2025-1094: PostgreSQL psql SQL Injection (Fixed) — Rapid7 | SQLi | Analysis of CVE-2025-1094, a high-severity SQL injection vulnerability in PostgreSQL's psql tool, impacting versions prior to 17.3, 16.7, 15.11, 14.16, and 13.19. Discovered by Rapid7, this flaw, with a CVSS 3.1 score of 8.1, arises from improper handling of escaped untrusted input containing invalid UTF-8 characters. Exploitation can lead to arbitrary code execution via meta-commands or arbitrary SQL statement execution. This vulnerability was found to be a prerequisite for exploiting CVE-2024-12356 against BeyondTrust products, though both are now patched. |
| 2026-04-17 | 2026 | Active Exploitation of Confluence CVE-2022-26134 (Rapid7) | SSTI | Writeup of CVE-2022-26134 detailing an unauthenticated OGNL injection vulnerability in Confluence Server and Data Center, allowing remote code execution. The vulnerability is actively exploited in the wild, with proof-of-concept exploits targeting HTTP requests to inject OGNL payloads. Successful exploitation allows attackers to execute commands and exfiltrate output via HTTP response headers, similar to the previous CVE-2021-26084. Rapid7's analysis highlights the OGNL injection mechanism and provides examples of exploitation, emphasizing the risk to internet-facing instances. |
| 2026-04-10 | 2026 | CSRF Attacks - Rapid7 | CSRF | Reference defining Cross-Site Request Forgery (CSRF) attacks, detailing how they exploit user trust and authenticated sessions to perform unauthorized actions, such as money transfers or account alterations. It covers attack mechanisms, including social engineering and stored CSRF via XSS like the Samy MySpace worm, and highlights impacts on services like Gmail and Facebook. Prevention strategies emphasize enabling CSRF protection, utilizing CSRF tokens, and conducting regular web application security testing and penetration testing to mitigate risks. |
| 2026-04-10 | 2026 | React2Shell: Critical Unauthenticated RCE in React Server Components | RCE | Writeup of CVE-2025-55182, a critical unauthenticated RCE vulnerability affecting React Server Components and frameworks like Next.js, dubbed React2Shell. Exploitation in the wild has begun, with a working proof-of-concept and Metasploit module available. The vulnerability, with a CVSS of 10.0, allows attackers to execute arbitrary code via malicious HTTP requests. Remediation involves updating affected React packages to versions 19.0.1, 19.1.2, or 19.2.1. Rapid7 customers have detection capabilities via Exposure Command, InsightVM, and Nexpose. |
| 2026-04-10 | 2026 | CVE-2026-1731: Critical Unauthenticated RCE in BeyondTrust Remote Support | RCE | Writeup of CVE-2026-1731, a critical unauthenticated RCE in BeyondTrust Remote Support and Privileged Remote Access products, which allows attackers to execute arbitrary OS commands. This vulnerability, with a CVSSv4 score of 9.9, affects RS versions 25.3.1 and prior, and PRA versions 24.3.4 and prior. While SaaS instances were patched, self-hosted deployments require manual updates. Discovered by Hacktron AI, the flaw was added to CISA's KEV list on February 13, 2026. Rapid7 customers using Exposure Command, InsightVM, and Nexpose can assess their exposure with authenticated checks released February 9, 2026. |
| 2026-04-06 | 2026 | Metasploit Wrap-Up 04/03/2026 | RCE | Library updates for Metasploit Framework introduce new HTTP/HTTPS CMD payloads for Windows, enabling RCE against FreeScout (CVE-2026-27636, CVE-2026-28289) and Grav CMS (CVE-2025-50286). It also adds a generic HTTP command execution exploit, a Windows persistence technique via `UserInitMprLogonScript`, and various enhancements, bug fixes, and documentation updates. |