AXIS OS 安全漏洞

AXIS OS is an operating system for edge devices developed by Axis, a Swedish company. There is a security vulnerability in AXIS OS, which stems from insufficient input validation in configuration files. This vulnerability could lead to path traversal attacks and may result in privilege escalation...

PT-2025-46307

Name of the Vulnerable Software and Affected Versions Axis Communications ACAP applications affected versions not specified Description ACAP applications may be able to gain elevated privileges due to improper input validation, which could lead to privilege escalation. This is only possible if th...

A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk

We discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users...

EUVD-2015-8143

Malware in sbrugna...

EUVD-2023-25582

Malicious code in bioql PyPI...

AXIS OS 安全漏洞

AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability that stems from an ACAP application elevation of privilege that could lead to elevation of privilege...

6,500 Servers Expose Axis Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits

Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks. "The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to...

PT-2025-23478 · Axis Communications · Vapix Device Configuration Framework

Name of the Vulnerable Software and Affected Versions: Axis Communication VAPIX Device Configuration framework affected versions not specified Description: A flaw in the VAPIX Device Configuration framework was discovered, allowing a lower-privileged user to gain administrator privileges through...

PT-2025-23476 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS affected versions not specified Description: The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges. Recommendations: At the moment, there is no...

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

PT-2025-15356 · Axis Communications · Vapix Device Configuration Framework

Name of the Vulnerable Software and Affected Versions: Axis Communications VAPIX Device Configuration framework affected versions not specified Description: The issue concerns a flaw in the VAPIX Device Configuration framework, allowing unauthenticated username enumeration. This is achieved throu...

CVE-2025-0360

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API...

Axis Communications Autodesk Plugin AzureBlobRestAPI axiscontentfiles Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Axis Communications Autodesk Plugin. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a cloud resource. The issue results from allowi...

Axis Communications Autodesk Plugin AxisAddin axisapphelpfiles Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Axis Communications Autodesk Plugin. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a cloud resource. The issue results from allowi...

Axis Communications Autodesk Plugin Exposure of Sensitive Information Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected services of Axis Communications Autodesk Plugin. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AzureBlobRestAPI.dll module. The issue results from exposed credential...

PT-2024-14825 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS versions affected versions not specified Description: The VAPIX API tcptest.cgi did not have sufficient input validation, allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an...

CVE-2023-21414

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering commonly known as Secure Boot contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AX...