EUVD-2025-7359

Malicious code in bioql PyPI...

EUVD-2025-16620

Malicious code in bioql PyPI...

EUVD-2025-7358

Malicious code in bioql PyPI...

CVE-2025-0358

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

CVE-2025-0358

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

CVE-2025-0358

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

CVE-2025-0358

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

CVE-2025-0358

CVE-2025-0358 concerns Axis Communications’ VAPIX Device Configuration framework. Multiple connected sources indicate a privilege-escalation flaw where a lower-privileged user can gain administrator privileges. CNNVD specifies Axis OS versions 12.0–12.3 with the issue arising from improper privil...

CVE-2025-0360

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API...

CVE-2025-0360

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API...

CVE-2025-0360

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API...

CVE-2025-0360

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API...

CVE-2025-0360

CVE-2025-0360 affects Axis VAPIX Device Configuration framework; flaw could yield an incorrect privilege level for the VAPIX service account D-Bus API. Reported during a penetration test, the CVSSv3.1 vector indicates Local attacker, Low privileges required, No user interaction, with Confidential...

CVE-2025-0359

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please...

CVE-2025-0359

CVE-2025-0359 concerns Axis OS/ACAP: a flaw in the ACAP Application framework allowed applications to access restricted D-Bus methods. The issue stems from insufficient access control in the framework, exposing sensitive IPC interfaces. Axis has released patched AXIS OS versions; refer to Axis se...

Axis Communications Network Cameras and Video Servers Arbitrary OS Commands Execution (CVE-2004-2425)

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent and possibly other shell metacharacters in the query string to virtualinput.cgi. This plugin only works with Tenable.ot. Please visit...

Axis Communications Network Cameras and Video Servers Authentication Bypass (CVE-2004-2426)

Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. dot dot in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying...

Axis Communications Multiple Products Remote Code Execution (CVE-2023-5677)

Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impac...

Axis Communications Multiple IP Cameras Exposure of Sensitive Information (CVE-2018-10663)

An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Axis Communications Multiple IP Cameras Buffer Overflow (CVE-2018-10664)

An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...