CVE-2025-9055
CVE-2025-9055 relates to Axis VAPIX Edge storage API. A privilege-escalation flaw allows an administrator-privileged VAPIX user to gain Linux root privileges after authenticating with an administrator-privileged service account. Exploitation is local and requires high privileges, with the root ou...
CVE-2025-8998
CVE-2025-8998 affects Axis OS (edge devices) and is triggered by uploading files with a specific name into a temporary directory. The underlying effect is process crashes, reducing availability, and exploitation requires authentication with an operator- or administrator-privileged service account...
AMD CPU Microcode Signature Verification Vulnerability
AMD ID: AMD-SB-7033. Potential Impact: Loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment. Severity: Medium. Summary: Researchers from Google® have provided AMD with a report titled “AM...
CVE-2023-5677
Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have sufficient input validation, allowing for possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged...
Design/Logic Flaw
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...
Path traversal
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allow for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...
CVE-2023-21418
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allow for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...
CVE-2023-21417
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allow for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...
NVIDIA Linux GPU Display Driver (May 2022)
The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities: - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an...
CVE-2022-23720
PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID...
CVE-2022-28184
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape, where an unprivileged regular user can access administrator-privileged registers, which may lead to denial of service, information disclosure, and data...
CVE-2021-25877
AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php...
CVE-2021-25877
AVideo/YouPHPTube 10.0 and earlier is affected by an insecure file write vulnerability. An administrator-privileged user can write arbitrary files on the filesystem via the save.php file using flag and code variables. Documented impact is ability to write files on the server filesystem, enabli...