Lucene search
K

1725 matches found

EUVD
EUVD
added 2025/11/11 9:30 a.m.5 views

EUVD-2025-74046

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a...

6.7CVSS7.2AI score0.00145EPSS
Exploits0References2
NVD
NVD
added 2025/11/11 8:15 a.m.5 views

CVE-2025-10714

AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights...

8.4CVSS0.00117EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/11 7:16 a.m.2 views

CVE-2025-10714

AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights...

8.4CVSS6.5AI score0.00117EPSS
Exploits0References1
CVE
CVE
added 2025/11/11 7:16 a.m.11 views

CVE-2025-10714

AXIS Optimizer is affected by an unquoted search path vulnerability that could enable privilege escalation on Windows. Exploitation requires local access and administrator rights to write in the AXIS Optimizer installation directory. CVSSv3.1 base metrics indicate a HIGH severity (8.4) with LOCAL...

8.4CVSS8.3AI score0.00117EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/11 7:16 a.m.8 views

CVE-2025-10714

AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights...

8.4CVSS0.00117EPSS
Exploits0References1
NVD
NVD
added 2025/11/11 7:15 a.m.6 views

CVE-2025-8108

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the...

6.7CVSS0.00126EPSS
Exploits0References1
NVD
NVD
added 2025/11/11 7:15 a.m.5 views

CVE-2025-5718

The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP...

6.8CVSS0.00347EPSS
Exploits0References1
NVD
NVD
added 2025/11/11 7:15 a.m.9 views

CVE-2025-6298

ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim ...

6.7CVSS0.00133EPSS
Exploits0References1
OSV
OSV
added 2025/11/11 7:15 a.m.4 views

CVE-2025-6298

ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim ...

6.7CVSS5.8AI score0.00133EPSS
Exploits0References1
OSV
OSV
added 2025/11/11 7:15 a.m.4 views

CVE-2025-6779

An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces th...

6.7CVSS5.8AI score0.01088EPSS
Exploits0References1
NVD
NVD
added 2025/11/11 7:15 a.m.8 views

CVE-2025-6779

An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces th...

6.7CVSS0.01088EPSS
Exploits0References1
NVD
NVD
added 2025/11/11 7:15 a.m.6 views

CVE-2025-5454

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

6.7CVSS0.00149EPSS
Exploits0References1
NVD
NVD
added 2025/11/11 7:15 a.m.3 views

CVE-2025-5452

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the...

6.6CVSS0.00286EPSS
Exploits0References1
OSV
OSV
added 2025/11/11 7:15 a.m.4 views

CVE-2025-5454

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

6.7CVSS5.8AI score0.00149EPSS
Exploits0References1
OSV
OSV
added 2025/11/11 7:15 a.m.5 views

CVE-2025-5452

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the...

6.6CVSS5.8AI score0.00286EPSS
Exploits0References1
OSV
OSV
added 2025/11/11 7:15 a.m.5 views

CVE-2025-4645

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a...

6.7CVSS6AI score0.00145EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/11 7:10 a.m.3 views

CVE-2025-8108

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the...

6.7CVSS6.5AI score0.00126EPSS
Exploits0References1
CVE
CVE
added 2025/11/11 7:10 a.m.13 views

CVE-2025-8108

CVE-2025-8108 involves Axis ACAP on Axis OS devices. The root cause is an ACAP configuration file with improper permissions and missing input validation, which could enable privilege escalation when the device is configured to allow unsigned ACAP applications and a user is convinced to install a ...

6.7CVSS6.5AI score0.00126EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/11/11 7:10 a.m.9 views

CVE-2025-8108

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the...

6.7CVSS0.00126EPSS
Exploits0References1
CVE
CVE
added 2025/11/11 7:5 a.m.17 views

CVE-2025-6779

CVE-2025-6779 affects Axis devices running Axis OS where an ACAP configuration file has improper permissions. The underlying issue could permit command injection and privilege escalation, but exploitation is contingent on the device being configured to allow unsigned ACAP applications and an atta...

6.7CVSS7.1AI score0.01088EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder