92 matches found
Axis Communications AXIS OS Improper Validation of Syntactic Correctness of Input (CVE-2024-8160)
A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection to transfer files to/from the Axis device. This flaw can only be exploited after authenticating with an...
Axis Communications AXIS OS Path Traversal (CVE-2024-0067)
A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for this flaw. This plugin only works with...
Axis Communications AXIS OS Improper Validation of Specified Type of Input (CVE-2024-47262)
Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Axis has released patched AXIS OS versions for this flaw. Endpoints not...
CVE-2025-11142
The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account...
CVE-2025-11142
The CVE-2025-11142 vulnerability affects the VAPIX API mediaclip.cgi and arises from insufficient input validation, enabling potential remote code execution. Exploitation requires authentication with an operator- or administrator-privileged service account, and the impact is rated high (CVSSv3.1:...
CVE-2025-9524
The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account...
EUVD-2023-25584
Malicious code in bioql PyPI...
EUVD-2024-49553
Malicious code in bioql PyPI...
EUVD-2023-58083
Malicious code in bioql PyPI...
EUVD-2024-54215
Malicious code in bioql PyPI...
EUVD-2024-54216
Malicious code in bioql PyPI...
EUVD-2024-54217
Malicious code in bioql PyPI...
EUVD-2023-25583
Malicious code in bioql PyPI...
EUVD-2023-25586
Malicious code in bioql PyPI...
EUVD-2023-57968
Malicious code in bioql PyPI...
EUVD-2024-47593
Malicious code in bioql PyPI...
EUVD-2024-15868
Malicious code in bioql PyPI...
EUVD-2024-54390
Malicious code in bioql PyPI...
CVE-2025-0325
A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device...
CVE-2025-0325
CVE-2025-0325 affects Axis devices with the Guard Tour VAPIX API. The vulnerability arises from a parameter that allows arbitrary values and can be invoked inappropriately, enabling an attacker to block access to the guard tour configuration page in the Axis device web interface. The primary impa...