164 matches found
EUVD-2024-54216
Malicious code in bioql PyPI...
EUVD-2025-16622
Malicious code in bioql PyPI...
CVE-2025-0324
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...
CVE-2025-0358
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...
CVE-2025-0358
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...
CVE-2025-0324
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...
CVE-2025-0324
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...
CVE-2025-0358
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...
CVE-2025-0358
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...
CVE-2025-0358
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...
CVE-2025-0358
CVE-2025-0358 concerns Axis Communications’ VAPIX Device Configuration framework. Multiple connected sources indicate a privilege-escalation flaw where a lower-privileged user can gain administrator privileges. CNNVD specifies Axis OS versions 12.0–12.3 with the issue arising from improper privil...
CVE-2025-0325
A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device...
CVE-2025-0325
CVE-2025-0325 affects Axis devices with the Guard Tour VAPIX API. The vulnerability arises from a parameter that allows arbitrary values and can be invoked inappropriately, enabling an attacker to block access to the guard tour configuration page in the Axis device web interface. The primary impa...
CVE-2025-0324
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...
CVE-2025-0324
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...
CVE-2025-0324
AXIS OS (Axis Communications) vulnerability CVE-2025-0324 affects AXIS OS versions 11.8 through 12.2, via the VAPIX Device Configuration framework, causing privilege escalation from a lower-privileged user to administrator. Root cause described as an elevation of privilege issue. Public details a...
PT-2025-23478 · Axis Communications · Vapix Device Configuration Framework
Name of the Vulnerable Software and Affected Versions: Axis Communication VAPIX Device Configuration framework affected versions not specified Description: A flaw in the VAPIX Device Configuration framework was discovered, allowing a lower-privileged user to gain administrator privileges through...
CVE-2024-0055
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis...
CVE-2024-0067
Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...
CVE-2024-8772
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...