apollo vulnerabilities and exploits
7
CVSSv3
CVE-2020-15170
apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internet (which is not recommended), there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have access co...
Ctrip Apollo
10
CVSSv3
CVE-2019-10686
An SSRF vulnerability was found in an API from Ctrip Apollo up to and including 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled.
Ctrip Apollo
6.1
CVSSv3
CVE-2024-23841
apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input (e...
Apollographql Apollo Client
5.9
CVSSv3
CVE-2023-41317
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when GraphQ...
Apollographql Apollo Router
5.4
CVSSv3
CVE-2023-30959
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.
Palantir Apollo Autopilot
NA
CVE-2009-1351
Heap-based buffer overflow in Apollo 37zz allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file.
Heikki Ylinen Apollo 37zz
1 EDB exploit
NA
CVE-1999-1493
Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through SR10.3 allows remote malicious users to gain root privileges via insecure system calls, (1) pad_$dm_cmd and (2) pad_$def_pfk().
Hp Apollo Domain Os
NA
CVE-2013-0728
Multiple stack-based buffer overflows in NCSAddOn.dll in the ERDAS APOLLO ECWP plugin prior to 13.00.0001 for Internet Explorer, Firefox, and Chrome allow remote malicious users to execute arbitrary code via a long property value.
Hexagon Erdas Apollo Ecwp 13.00.0000
NA
CVE-2024-25734
An issue exists on WyreStorm Apollo VX20 devices prior to 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote malicious users to enumerate user accounts.
NA
CVE-2024-25735
An issue exists on WyreStorm Apollo VX20 devices prior to 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.
1 Github repository