1235 matches found

vulnersOsv
added 2024/03/06 6:24 p.m. · 4 views

inigo-rs (>=0.1.5 <=0.27.8) potentially affected by CVE-2024-28101 via apollo-router (=1.2.1)

apollo-router CARGO version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-router and may be impacted: - inigo-rs =0.1.5, =0.27.8 Source cves: CVE-2024-28101 Source advisory: OSV:GHSA-CGQF-3CQ5-WVCJ...

7.5 CVSS · 5.8 AI score · 0.00293 EPSS
Exploits 0

Github Security Blog
added 2024/03/06 6:24 p.m. · 48 views

Apollo Router's Compressed Payloads do not respect HTTP Payload Limits

Impact The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability. When receiving compressed HTTP payloads, affected versions of the Route...

7.5 CVSS · 5.5 AI score · 0.00293 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/03/06 6:24 p.m. · 15 views

GHSA-CGQF-3CQ5-WVCJ Apollo Router's Compressed Payloads do not respect HTTP Payload Limits

Impact The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability. When receiving compressed HTTP payloads, affected versions of the Route...

7.5 CVSS · 5.5 AI score · 0.00293 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/03/06 12:0 a.m. · 4 views

PT-2024-22266

Name of the Vulnerable Software and Affected Versions Apollo Router versions 0.9.5 through 1.40.2 Description The Apollo Router is subject to a Denial-of-Service DoS type issue. When receiving compressed HTTP payloads, affected versions of the Router evaluate the limits.http max request bytes...

7.5 CVSS · 6.6 AI score · 0.00293 EPSS
Exploits 0 · References 9

VulnCheck KEV
added 2024/03/03 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2024-25735

An access control credential disclosure is present in WyreStorm Apollo VX20...

9.1 CVSS · 7.3 AI score · 0.90358 EPSS
Exploits 4 · References 1

Openbugbounty
added 2024/02/29 1:46 a.m. · 16 views

sso.apollo.edu Cross Site Scripting vulnerability OBB-3861598

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0

CNNVD
added 2024/02/26 12:0 a.m. · 4 views

WyreStorm Apollo VX20 Security Vulnerability

Wyrestorm Apollo VX20 is an advanced conferencing video appliance from Wyrestorm. A security vulnerability exists in the WyreStorm Apollo VX20 prior to version 1.3.58, which stems from plaintext credentials that allow a remote attacker to access the SoftAP router via a simple HTTP GET request...

9.1 CVSS · 6.8 AI score · 0.90358 EPSS
Exploits 4 · References 4

Exploit DB
added 2024/02/26 12:0 a.m. · 282 views

Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'Credentials Disclosure'

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20INCORRECTACCESSCONTROLCREDENTIALSDISCLOSURECVE-2024-25735.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20...

9.1 CVSS · 7 AI score · 0.90358 EPSS
Exploits 4

CNNVD
added 2024/02/26 12:0 a.m. · 2 views

WyreStorm Apollo VX20 Security Vulnerability

The Wyrestorm Apollo VX20 is an advanced conferencing video device from Wyrestorm. A security vulnerability exists in Wyrestorm Apollo VX20 versions prior to 1.3.58 that originated from a vulnerability that allows remote attackers to reboot the device via a /device/reboot HTTP GET request...

7.5 CVSS · 6.8 AI score · 0.09145 EPSS
Exploits 4 · References 4

Exploit DB
added 2024/02/26 12:0 a.m. · 279 views

Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20INCORRECTACCESSCONTROLDOSCVE-2024-25736.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20 1.3.58 Vulnerability...

7.5 CVSS · 7.6 AI score · 0.09145 EPSS
Exploits 4

Exploit DB
added 2024/02/26 12:0 a.m. · 299 views

Wyrestorm Apollo VX20 < 1.3.58 - Account Enumeration

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20ACCOUNTENUMERATIONCVE-2024-25734.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20 1.3.58 Vulnerability Type...

7.5 CVSS · 6.8 AI score · 0.06299 EPSS
Exploits 4

CNNVD
added 2024/02/26 12:0 a.m. · 3 views

WyreStorm Apollo VX20 Security Vulnerability

Wyrestorm Apollo VX20 is an advanced conferencing video device from Wyrestorm. A security vulnerability exists in Wyrestorm Apollo VX20 prior to version 1.3.58, which stems from the TELNET service prompting for a password after a valid username is entered, allowing brute force attacks on valid...

7.5 CVSS · 6.8 AI score · 0.06299 EPSS
Exploits 4 · References 4

Positive Technologies
added 2024/02/18 12:0 a.m. · 3 views

PT-2024-4077 · Wyrestorm · Wyrestorm Apollo Vx20

Name of the Vulnerable Software and Affected Versions: WyreStorm Apollo VX20 versions prior to 1.3.58 Description: An issue allows remote attackers to discover cleartext passwords via a SoftAP "GET /device/config" request. This is due to a lack of encrypted confidential data. Recommendations: For...

9.1 CVSS · 7 AI score · 0.90358 EPSS
Exploits 4 · References 8

Packet Storm
added 2024/02/12 12:0 a.m. · 368 views

WyreStorm Apollo VX20 Credential Disclosure

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20INCORRECTACCESSCONTROLCREDENTIALSDISCLOSURECVE-2024-25735.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20...

7.4 AI score · 0.90358 EPSS
Exploits 4

0day.today
added 2024/02/12 12:0 a.m. · 398 views

WyreStorm Apollo VX20 Incorrect Access Control Vulnerability

An issue was discovered on WyreStorm Apollo VX20 versions prior to 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7.5 CVSS · 6.7 AI score · 0.09145 EPSS
Exploits 4

Packet Storm
added 2024/02/12 12:0 a.m. · 373 views

WyreStorm Apollo VX20 Account Enumeration

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20ACCOUNTENUMERATIONCVE-2024-25734.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20 1.3.58 Vulnerability Type...

7.4 AI score · 0.06299 EPSS
Exploits 4

0day.today
added 2024/02/12 12:0 a.m. · 372 views

WyreStorm Apollo VX20 Credential Disclosure Vulnerability

WyreStorm Apollo VX20 versions prior to 1.3.58 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

9.1 CVSS · 6.5 AI score · 0.90358 EPSS
Exploits 4

Packet Storm
added 2024/02/12 12:0 a.m. · 327 views

WyreStorm Apollo VX20 Incorrect Access Control

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20INCORRECTACCESSCONTROLDOSCVE-2024-25736.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20 1.3.58 Vulnerability...

7.4 AI score · 0.09145 EPSS
Exploits 4

0day.today
added 2024/02/12 12:0 a.m. · 318 views

WyreStorm Apollo VX20 Account Enumeration Vulnerability

An issue was discovered on WyreStorm Apollo VX20 devices prior to version 1.3.58. The TELNET service prompts for a password only after a valid username is entered. Attackers who can reach the Apollo VX20 Telnet service can determine valid accounts allowing for account discovery. + Credits: John...

7.5 CVSS · 7.3 AI score · 0.06299 EPSS
Exploits 4

OSV
added 2024/01/30 8:57 p.m. · 25 views

GHSA-RV8P-RR2H-FGPG @apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability

Impact The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. This vulnerability arises from improper handling of untrusted input when @apollo/experimental-apollo-client-nextjs performs server-side rendering of HTML pages. To fix this...

8.2 CVSS · 6.8 AI score · 0.00496 EPSS
Exploits 0 · References 4