Lucene search
K

164 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-54216

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00374EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-16622

Malicious code in bioql PyPI...

9.4CVSS6.6AI score0.00338EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/04 8:11 a.m.9 views

CVE-2025-0324

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

9.4CVSS7AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/04 8:11 a.m.9 views

CVE-2025-0358

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

8.8CVSS6.9AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2025/06/02 8:15 a.m.15 views

CVE-2025-0358

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

8.8CVSS0.00219EPSS
Exploits0References1
NVD
NVD
added 2025/06/02 8:15 a.m.11 views

CVE-2025-0324

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

9.4CVSS0.00338EPSS
Exploits0References1
OSV
OSV
added 2025/06/02 8:15 a.m.4 views

CVE-2025-0324

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

8.8CVSS5.8AI score0.00338EPSS
Exploits0References1
OSV
OSV
added 2025/06/02 8:15 a.m.4 views

CVE-2025-0358

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/02 7:39 a.m.7 views

CVE-2025-0358

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

8.8CVSS6.9AI score0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/02 7:39 a.m.16 views

CVE-2025-0358

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

8.8CVSS0.00219EPSS
Exploits0References1
CVE
CVE
added 2025/06/02 7:39 a.m.49 views

CVE-2025-0358

CVE-2025-0358 concerns Axis Communications’ VAPIX Device Configuration framework. Multiple connected sources indicate a privilege-escalation flaw where a lower-privileged user can gain administrator privileges. CNNVD specifies Axis OS versions 12.0–12.3 with the issue arising from improper privil...

8.8CVSS8.8AI score0.00219EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/02 7:36 a.m.9 views

CVE-2025-0325

A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device...

4.3CVSS7AI score0.00322EPSS
Exploits0References1
CVE
CVE
added 2025/06/02 7:36 a.m.48 views

CVE-2025-0325

CVE-2025-0325 affects Axis devices with the Guard Tour VAPIX API. The vulnerability arises from a parameter that allows arbitrary values and can be invoked inappropriately, enabling an attacker to block access to the guard tour configuration page in the Axis device web interface. The primary impa...

4.3CVSS4.7AI score0.00322EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/02 7:32 a.m.17 views

CVE-2025-0324

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

9.4CVSS0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/02 7:32 a.m.6 views

CVE-2025-0324

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

9.4CVSS6.8AI score0.00338EPSS
Exploits0References1
CVE
CVE
added 2025/06/02 7:32 a.m.64 views

CVE-2025-0324

AXIS OS (Axis Communications) vulnerability CVE-2025-0324 affects AXIS OS versions 11.8 through 12.2, via the VAPIX Device Configuration framework, causing privilege escalation from a lower-privileged user to administrator. Root cause described as an elevation of privilege issue. Public details a...

9.4CVSS9.2AI score0.00338EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/06/02 12:0 a.m.5 views

PT-2025-23478 · Axis Communications · Vapix Device Configuration Framework

Name of the Vulnerable Software and Affected Versions: Axis Communication VAPIX Device Configuration framework affected versions not specified Description: A flaw in the VAPIX Device Configuration framework was discovered, allowing a lower-privileged user to gain administrator privileges through...

8.8CVSS6.3AI score0.00219EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 8:35 a.m.9 views

CVE-2024-0055

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis...

6.5CVSS6.8AI score0.00596EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:26 a.m.7 views

CVE-2024-0067

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...

4.3CVSS4.6AI score0.0038EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:17 a.m.6 views

CVE-2024-8772

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

4.3CVSS6.7AI score0.00418EPSS
Exploits0References1
Rows per page
Query Builder