
CVE-2025-20002 – GMOD Apollo Generation of Error Message Containing Sensitive Information
https://notcve.org/view.php?id=CVE-2025-20002
05 Mar 2025 — When a user attempts to upload a file that does not meet prerequisites, GMOD Apollo responds with an error message that discloses local path information. • https://github.com/GMOD/Apollo • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2025-24924 – GMOD Apollo Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2025-24924
05 Mar 2025 — Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username • https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07 • CWE-306: Missing Authentication for Critical Function •

CVE-2025-23410 – GMOD Apollo Relative Path Traversal
https://notcve.org/view.php?id=CVE-2025-23410
04 Mar 2025 — When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07 • CWE-23: Relative Path Traversal •

CVE-2025-21092 – GMOD Apollo Incorrect Privilege Assignment
https://notcve.org/view.php?id=CVE-2025-21092
04 Mar 2025 — GMOD Apollo does not have sufficient logical or access checks when updating a user's information. This could result in an attacker being able to escalate privileges for themselves or others. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07 • CWE-266: Incorrect Privilege Assignment •

CVE-2023-32637
https://notcve.org/view.php?id=CVE-2023-32637
25 Jul 2023 — GBrowse accepts uploaded files of any format and places them in an area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server. • http://gmod.org/wiki/GBrowse • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2008-3781
https://notcve.org/view.php?id=CVE-2008-3781
26 Aug 2008 — Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •