Lucene search
+L

164 matches found

nessus
nessus
added 2026/06/30 12:0 a.m.7 views

Axis Communications AXIS OS Improper Restriction of Names for Files and Other Resources (CVE-2024-47260)

Lasse Trind, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for thi...

6.5CVSS5.9AI score0.00374EPSS
Exploits0References2
nessus
nessus
added 2026/06/30 12:0 a.m.10 views

Axis Communications AXIS OS Improper Neutralization of Wildcards or Matching Symbols (CVE-2024-6509)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for this flaw. This plugin only works with Tenable.ot. Please visit...

6.5CVSS5.9AI score0.00391EPSS
Exploits0References2
nessus
nessus
added 2026/06/30 12:0 a.m.8 views

Axis Communications AXIS OS Improper Validation of Specified Type of Input (CVE-2024-47262)

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Axis has released patched AXIS OS versions for this flaw. Endpoints not...

5.3CVSS6AI score0.00334EPSS
Exploits0References2
nessus
nessus
added 2026/06/30 12:0 a.m.6 views

Axis Communications AXIS OS Path Traversal (CVE-2024-0067)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for this flaw. This plugin only works with...

4.3CVSS5.9AI score0.0038EPSS
Exploits0References2
nessus
nessus
added 2026/06/30 12:0 a.m.9 views

Axis Communications AXIS OS Improper Validation of Syntactic Correctness of Input (CVE-2024-8160)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection to transfer files to/from the Axis device. This flaw can only be exploited after authenticating with an...

3.8CVSS5.9AI score0.00614EPSS
Exploits0References2
nvd
nvd
added 2026/02/10 6:15 a.m.6 views

CVE-2025-11142

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account...

8.8CVSS0.00499EPSS
Exploits0References1
cve
cve
added 2026/02/10 5:32 a.m.14 views

CVE-2025-11142

The CVE-2025-11142 vulnerability affects the VAPIX API mediaclip.cgi and arises from insufficient input validation, enabling potential remote code execution. Exploitation requires authentication with an operator- or administrator-privileged service account, and the impact is rated high (CVSSv3.1:...

8.8CVSS6AI score0.00499EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/02/10 5:32 a.m.3 views

CVE-2025-11142

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account...

7.1CVSS6AI score0.00499EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/02/10 12:0 a.m.10 views

PT-2026-7228

Name of the Vulnerable Software and Affected Versions VAPIX API affected versions not specified Description The VAPIX API’s mediaclip.cgi component lacks proper input validation, potentially allowing for remote code execution. Exploitation requires authentication with an operator- or...

7.1CVSS5.9AI score0.00499EPSS
Exploits0References6
redhatcve
redhatcve
added 2025/11/12 7:47 a.m.4 views

CVE-2025-9524

The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account...

4.3CVSS6.9AI score0.00246EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/11/12 7:47 a.m.4 views

CVE-2025-9055

The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account...

6.4CVSS7AI score0.00113EPSS
Exploits0References1
euvd
euvd
added 2025/11/11 9:30 a.m.6 views

EUVD-2025-74035

The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account...

4.3CVSS6.4AI score0.00246EPSS
Exploits0References2
euvd
euvd
added 2025/11/11 9:30 a.m.5 views

EUVD-2025-74036

The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account...

6.4CVSS6.5AI score0.00113EPSS
Exploits0References2
nvd
nvd
added 2025/11/11 8:15 a.m.6 views

CVE-2025-9524

The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account...

4.3CVSS0.00246EPSS
Exploits0References1
nvd
nvd
added 2025/11/11 8:15 a.m.4 views

CVE-2025-9055

The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account...

6.4CVSS0.00113EPSS
Exploits0References1
cvelist
cvelist
added 2025/11/11 7:31 a.m.11 views

CVE-2025-9055

The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account...

6.4CVSS0.00113EPSS
Exploits0References1
cve
cve
added 2025/11/11 7:31 a.m.14 views

CVE-2025-9055

CVE-2025-9055 relates to Axis VAPIX Edge storage API. A privilege-escalation flaw allows an administrator-privileged VAPIX user to gain Linux root privileges after authenticating with an administrator-privileged service account. Exploitation is local and requires high privileges, with the root ou...

6.4CVSS6.7AI score0.00113EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/11/11 7:31 a.m.4 views

CVE-2025-9055

The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account...

6.4CVSS5.4AI score0.00113EPSS
Exploits0References1
cvelist
cvelist
added 2025/11/11 7:25 a.m.11 views

CVE-2025-9524

The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account...

4.3CVSS0.00246EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/11/11 7:25 a.m.5 views

CVE-2025-9524

The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account...

4.3CVSS6.5AI score0.00246EPSS
Exploits0References1
Rows per page
Query Builder