CVE-2025-11142

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account...

CVE-2025-11142

The CVE-2025-11142 vulnerability affects the VAPIX API mediaclip.cgi and arises from insufficient input validation, enabling potential remote code execution. Exploitation requires authentication with an operator- or administrator-privileged service account, and the impact is rated high (CVSSv3.1:...

CVE-2025-9524

The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account...

EUVD-2023-25584

Malicious code in bioql PyPI...

EUVD-2023-25583

Malicious code in bioql PyPI...

EUVD-2024-54216

Malicious code in bioql PyPI...

EUVD-2024-47593

Malicious code in bioql PyPI...

EUVD-2023-58083

Malicious code in bioql PyPI...

EUVD-2023-25586

Malicious code in bioql PyPI...

EUVD-2024-15868

Malicious code in bioql PyPI...

EUVD-2023-57968

Malicious code in bioql PyPI...

EUVD-2024-54390

Malicious code in bioql PyPI...

EUVD-2024-54215

Malicious code in bioql PyPI...

EUVD-2024-49553

Malicious code in bioql PyPI...

EUVD-2024-54217

Malicious code in bioql PyPI...

CVE-2025-0325

A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device...

CVE-2025-0325

CVE-2025-0325 affects Axis devices with the Guard Tour VAPIX API. The vulnerability arises from a parameter that allows arbitrary values and can be invoked inappropriately, enabling an attacker to block access to the guard tour configuration page in the Axis device web interface. The primary impa...

CVE-2024-0055

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis...

CVE-2024-0067

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...

CVE-2024-8772

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...