GHSA-CGQF-3CQ5-WVCJ Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
Impact: The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Route...
PT-2024-22266
Name of the Vulnerable Software and Affected Versions: Apollo Router versions 0.9.5 through 1.40.2 Description: The Apollo Router is subject to a Denial-of-Service (DoS) type issue. When receiving compressed HTTP payloads, affected versions of the Router evaluate the limits.http_max_request_bytes...
VulnCheck KEV: CVE-2024-25735
An access control credential disclosure is present in WyreStorm Apollo VX20...
sso.apollo.edu Cross Site Scripting vulnerability OBB-3861598
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WyreStorm Apollo VX20 Security Vulnerability
WyreStorm Apollo VX20 is an advanced conferencing video appliance from WyreStorm. A security vulnerability exists in the WyreStorm Apollo VX20 prior to version 1.3.58, which stems from plaintext credentials that allow a remote attacker to access the SoftAP router via a simple HTTP GET request...
Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'Credentials Disclosure'
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20INCORRECTACCESSCONTROLCREDENTIALSDISCLOSURECVE-2024-25735.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20...
WyreStorm Apollo VX20 Security Vulnerability
The WyreStorm Apollo VX20 is an advanced conferencing video device from WyreStorm. A security vulnerability exists in WyreStorm Apollo VX20 versions prior to 1.3.58 that allows remote attackers to reboot the device via a /device/reboot HTTP GET request...
Wyrestorm Apollo VX20 < 1.3.58 - Account Enumeration
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20ACCOUNTENUMERATIONCVE-2024-25734.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20 1.3.58 Vulnerability Type...
Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20INCORRECTACCESSCONTROLDOSCVE-2024-25736.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20 1.3.58 Vulnerability...
WyreStorm Apollo VX20 Security Vulnerability
WyreStorm Apollo VX20 is an advanced conferencing video device from WyreStorm. A security vulnerability exists in WyreStorm Apollo VX20 prior to version 1.3.58, which stems from the TELNET service prompting for a password after a valid username is entered, allowing brute force attacks on valid...
PT-2024-4077 · Wyrestorm · Wyrestorm Apollo Vx20
Name of the Vulnerable Software and Affected Versions: WyreStorm Apollo VX20 versions prior to 1.3.58 Description: An issue allows remote attackers to discover cleartext passwords via a SoftAP "GET /device/config" request. This is due to a lack of encrypted confidential data. Recommendations: For...
WyreStorm Apollo VX20 Incorrect Access Control Vulnerability
An issue was discovered on WyreStorm Apollo VX20 versions prior to 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
WyreStorm Apollo VX20 Account Enumeration
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20ACCOUNTENUMERATIONCVE-2024-25734.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20 1.3.58 Vulnerability Type...
WyreStorm Apollo VX20 Credential Disclosure
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20INCORRECTACCESSCONTROLCREDENTIALSDISCLOSURECVE-2024-25735.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20...
WyreStorm Apollo VX20 Credential Disclosure Vulnerability
WyreStorm Apollo VX20 versions prior to 1.3.58 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
WyreStorm Apollo VX20 Account Enumeration Vulnerability
An issue was discovered on WyreStorm Apollo VX20 devices prior to version 1.3.58. The TELNET service prompts for a password only after a valid username is entered. Attackers who can reach the Apollo VX20 Telnet service can determine valid accounts allowing for account discovery. + Credits: John...
WyreStorm Apollo VX20 Incorrect Access Control
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20INCORRECTACCESSCONTROLDOSCVE-2024-25736.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20 1.3.58 Vulnerability...
GHSA-RV8P-RR2H-FGPG @apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability
Impact The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. This vulnerability arises from improper handling of untrusted input when @apollo/experimental-apollo-client-nextjs performs server-side rendering of HTML pages. To fix this...
@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability
Impact The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. This vulnerability arises from improper handling of untrusted input when @apollo/experimental-apollo-client-nextjs performs server-side rendering of HTML pages. To fix this...
Cross site scripting
apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input e.g. by redirecting...