Apollo
by Gmod
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-24924 | Cri | 0.64 | 9.8 | 0.01 | Mar 5, 2025 | Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username | ||
| CVE-2025-23410 | Cri | 0.64 | 9.8 | 0.01 | Mar 5, 2025 | When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types. | ||
| CVE-2025-48168 | Hig | 0.46 | 7.1 | 0.00 | Aug 20, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Apollo - Sticky Full Width HTML5 Audio Player lbg-audio5-html5-shoutcast-sticky allows Reflected XSS.This issue affects Apollo - Sticky Full Width HTML5 Audio… | ||
| CVE-2025-21092 | Med | 0.42 | 6.5 | 0.00 | Mar 5, 2025 | GMOD Apollo does not have sufficient logical or access checks when updating a user's information. This could result in an attacker being able to escalate privileges for themselves or others. | ||
| CVE-2025-20002 | Med | 0.34 | 5.3 | 0.00 | Mar 5, 2025 | After attempting to upload a file that does not meet prerequisites, GMOD Apollo will respond with local path information disclosure |
- risk 0.64cvss 9.8epss 0.01
Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username
- risk 0.64cvss 9.8epss 0.01
When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Apollo - Sticky Full Width HTML5 Audio Player lbg-audio5-html5-shoutcast-sticky allows Reflected XSS.This issue affects Apollo - Sticky Full Width HTML5 Audio…
- risk 0.42cvss 6.5epss 0.00
GMOD Apollo does not have sufficient logical or access checks when updating a user's information. This could result in an attacker being able to escalate privileges for themselves or others.
- risk 0.34cvss 5.3epss 0.00
After attempting to upload a file that does not meet prerequisites, GMOD Apollo will respond with local path information disclosure