Research org contributor

Rapid7

cited as evidence in 47 · CNA assigner on 1 · credited finder on 1 of 48 known-exploited records. Every aggregate on this page is recomputed from the records listed below — each one already cited to its public source.

rapid7.com ↗ · home of the cited advisories

records cited in

deterministic count

finder / reporter credits

CVE.org credits

CVE records catalogued (CNA)

assigner

60%

avg modeled exploit prob.

FIRST EPSS, 48/48

40%

ransomware-associated

19 of 48 · CISA flag

Known for

— recomputed from this contributor’s own records

SurfacesApplication / other (25), Edge / remote-access infra (11), Hypervisor / virtualization (5), Server / web platform (4), Operating system / kernel (3)

WeaknessInjection (12), Authentication (8), Path traversal / file (6), Authorization / access control (5), Memory safety (5)

PortfolioMicrosoft (4), VMware (3), Adobe (3), Oracle (2), D-Link (2), Zoho (2)

PeopleNamed individuals credited under this contributor:

Ron Bowes of Rapid7Caitlin Condon of Rapid7

Narrative reach

— how far this contributor’s records carry an attacker, front door → lights out

1Front door

47reach this stage

→

2Keys to the kingdom

47reach this stage

→

3Lateral reach

45reach this stage

→

4Data at risk

6reach this stage

→

5Lights out

0reach this stage

Furthest any of these records carries an attacker: 4 · Data at risk. 6 of 47 narrative-framed records reach data-at-risk or lights-out. (furthest-position idiom, reused from the landing map; the stage mapping is a model output over cited evidence.)

Recent highlights

— this contributor’s newest known-exploited records

CVE-2026-50751Check Point41%RWKEV CVE-2026-0257Palo Alto Networks19%KEV CVE-2025-15556Notepad++1%KEV CVE-2025-41244Broadcom8%KEV CVE-2021-21311Adminer90%KEV CVE-2025-32463Sudo48%KEV

Every record they’re cited in

— all 48, each linked to its cited source

This is the evidence behind every number above. Sorted ransomware-first, then by modeled exploit probability.

CVE-2023-0669Fortra100%RWKEV CVE-2022-29464WSO2100%RWKEV CVE-2023-22527Atlassian100%RWKEV CVE-2024-1709ConnectWise100%RWKEV CVE-2022-47966Zoho100%RWKEV CVE-2024-50623Cleo99%RWKEV CVE-2024-55591Fortinet98%RWKEV CVE-2023-38203Adobe97%RWKEV CVE-2019-5544VMware97%RWKEV CVE-2022-36537ZK Framework95%RWKEV CVE-2024-55956Cleo94%RWKEV CVE-2023-40044Progress90%RWKEV CVE-2023-24955Microsoft85%RWKEV CVE-2020-3992VMware83%RWKEV CVE-2024-38094Microsoft55%RWKEV CVE-2026-50751Check Point41%RWKEV CVE-2023-20269Cisco22%RWKEV CVE-2021-41379Microsoft20%RWKEV CVE-2018-19320GIGABYTE4%RWKEV CVE-2023-21839Oracle100%KEV CVE-2023-29298Adobe100%KEV CVE-2024-4040CrushFTP100%KEV CVE-2023-34048VMware99%KEV CVE-2019-5418Rails99%KEV CVE-2023-26360Adobe97%KEV CVE-2025-54309CrushFTP92%KEV CVE-2021-21311Adminer90%KEV CVE-2024-12356BeyondTrust88%KEV CVE-2025-4428Ivanti88%KEV CVE-2022-26923Microsoft83%KEV CVE-2022-28810Zoho70%KEV CVE-2020-25079D-Link53%KEV CVE-2025-32463Sudo48%KEV CVE-2025-32756Fortinet31%KEV CVE-2022-40799D-Link31%KEV CVE-2023-2533PaperCut29%KEV CVE-2024-4978Justice AV Solutions27%KEV CVE-2014-3931Looking Glass27%KEV CVE-2020-24363TP-Link21%KEV CVE-2026-0257Palo Alto Networks19%KEV CVE-2025-41244Broadcom8%KEV CVE-2008-3431Oracle7%KEV CVE-2023-41179Trend Micro5%KEV CVE-2025-59689Libraesva2%KEV CVE-2025-38352Linux1%KEV CVE-2025-15556Notepad++1%KEV CVE-2025-48543Android1%KEV CVE-2025-48928TeleMessage0%KEV

Coverage & confidence

— what this profile claims, and what it does not

Established (cited)

Cited in 48 known-exploited records — the list below; every one links to its public source.

Catalogued 1 CVE record(s) as the CNA assigner (from CVE.org).

Credited as the finder/reporter on 1 record(s) (CVE.org credits).

Coverage gaps — stated, not hidden

This profile is an aggregation: it asserts only what the listed records already cite — no new external claim about the contributor is made.

The TYPE badge and the narrative-stage mapping are editorial (our call), labeled as such, not a sourced fact.