Vulmon
apollo vulnerabilities and exploits
NA
CVE-2023-25570
Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Mal...
Apolloconfig Apollo
7.5
CVSSv2
CVE-2019-10686
An SSRF vulnerability was found in an API from Ctrip Apollo up to and including 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled.
Ctrip Apollo
NA
CVE-2024-23841
apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input (e...
Apollographql Apollo Client
NA
CVE-2023-41317
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when GraphQ...
Apollographql Apollo Router
NA
CVE-2023-30959
In Apollo change requests, comments added by users could contain a JavaScript URI link that, when rendered, will result in an XSS that requires user interaction.
Palantir Apollo Autopilot
10
CVSSv2
CVE-1999-1493
Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through SR10.3 allows remote malicious users to gain root privileges via insecure system calls, (1) pad_$dm_cmd and (2) pad_$def_pfk().
Hp Apollo Domain Os
9.3
CVSSv2
CVE-2009-1351
Heap-based buffer overflow in Apollo 37zz allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file.
Heikki Ylinen Apollo 37zz
1 EDB exploit
10
CVSSv2
CVE-2013-0728
Multiple stack-based buffer overflows in NCSAddOn.dll in the ERDAS APOLLO ECWP plugin prior to 13.00.0001 for Internet Explorer, Firefox, and Chrome allow remote malicious users to execute arbitrary code via a long property value.
Hexagon Erdas Apollo Ecwp 13.00.0000
NA
CVE-2024-25734
An issue exists on WyreStorm Apollo VX20 devices prior to 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote malicious users to enumerate user accounts.
NA
CVE-2024-25735
An issue exists on WyreStorm Apollo VX20 devices prior to 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.
1 Github repository