Gmod
Products
2- 5 CVEs
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-24924 | Cri | 0.64 | 9.8 | 0.01 | Mar 5, 2025 | Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username | ||
| CVE-2025-23410 | Cri | 0.64 | 9.8 | 0.01 | Mar 5, 2025 | When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types. | ||
| CVE-2025-48168 | Hig | 0.46 | 7.1 | 0.00 | Aug 20, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Apollo - Sticky Full Width HTML5 Audio Player lbg-audio5-html5-shoutcast-sticky allows Reflected XSS.This issue affects Apollo - Sticky Full Width HTML5 Audio… | ||
| CVE-2025-21092 | Med | 0.42 | 6.5 | 0.00 | Mar 5, 2025 | GMOD Apollo does not have sufficient logical or access checks when updating a user's information. This could result in an attacker being able to escalate privileges for themselves or others. | ||
| CVE-2025-20002 | Med | 0.34 | 5.3 | 0.00 | Mar 5, 2025 | After attempting to upload a file that does not meet prerequisites, GMOD Apollo will respond with local path information disclosure | ||
| CVE-2008-3781 | 0.00 | — | 0.01 | Aug 26, 2008 | Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
- risk 0.64cvss 9.8epss 0.01
Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username
- risk 0.64cvss 9.8epss 0.01
When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Apollo - Sticky Full Width HTML5 Audio Player lbg-audio5-html5-shoutcast-sticky allows Reflected XSS.This issue affects Apollo - Sticky Full Width HTML5 Audio…
- risk 0.42cvss 6.5epss 0.00
GMOD Apollo does not have sufficient logical or access checks when updating a user's information. This could result in an attacker being able to escalate privileges for themselves or others.
- risk 0.34cvss 5.3epss 0.00
After attempting to upload a file that does not meet prerequisites, GMOD Apollo will respond with local path information disclosure
- CVE-2008-3781Aug 26, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.