Lucene search
+L

6 matches found

nessus
nessus
added 2026/06/30 12:0 a.m.7 views

Axis Communications AXIS OS Improper Restriction of Names for Files and Other Resources (CVE-2024-47260)

Lasse Trind, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for thi...

6.5CVSS5.9AI score0.00374EPSS
Exploits0References2
nessus
nessus
added 2026/06/30 12:0 a.m.6 views

Axis Communications AXIS OS Improper Neutralization of Wildcards or Matching Symbols (CVE-2024-0055)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX APIs mediaclip.cgi and playclip.cgi were vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for this flaw. This plugin only works with Tenable.ot. Please...

6.5CVSS5.9AI score0.00596EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/02/10 5:32 a.m.3 views

CVE-2025-11142

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account...

7.1CVSS6AI score0.00499EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/10 5:32 a.m.26 views

CVE-2025-11142

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account...

7.1CVSS0.00499EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/02/10 12:0 a.m.10 views

PT-2026-7228

Name of the Vulnerable Software and Affected Versions VAPIX API affected versions not specified Description The VAPIX API’s mediaclip.cgi component lacks proper input validation, potentially allowing for remote code execution. Exploitation requires authentication with an operator- or...

7.1CVSS5.9AI score0.00499EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2024/03/18 12:0 a.m.5 views

PT-2024-15328 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The VAPIX APIs, specifically the "mediaclip.cgi" and "playclip.cgi" endpoints, were found to be vulnerable to file globbing, which could lead to a resource exhaustion attack. This iss...

6.5CVSS6.9AI score0.00596EPSS
Exploits0References6
Rows per page
Query Builder