Filtered by vendor Axis
Subscriptions
Total
104 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11142 | 2 Axis, Axis Communications Ab | 2 Axis Os, Axis Os | 2026-02-28 | 7.1 High |
| The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. | ||||
| CVE-2025-3892 | 1 Axis | 1 Axis Os | 2026-02-26 | 6.7 Medium |
| ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-30027 | 1 Axis | 1 Axis Os | 2026-02-26 | 6.7 Medium |
| An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-4645 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2026-02-26 | 6.7 Medium |
| An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-5454 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2026-02-26 | 6.4 Medium |
| An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-5718 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2026-02-26 | 6.8 Medium |
| The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-6298 | 2 Axis, Axis Communications Ab | 2 Axis Os, Axis Os | 2026-02-26 | 6.7 Medium |
| ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-5452 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2026-02-26 | 6.6 Medium |
| A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-6571 | 2 Axis, Axis Communications Ab | 2 Axis Os, Axis Os | 2026-02-26 | 6 Medium |
| A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it. | ||||
| CVE-2025-6779 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2026-02-26 | 6.7 Medium |
| An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-8108 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2026-02-26 | 6.7 Medium |
| An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-9055 | 3 Axis, Axis Communications Ab, Linux | 3 Axis Os, Axis Os, Linux | 2026-02-26 | 6.4 Medium |
| The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account. | ||||
| CVE-2025-11547 | 2 Axis, Axis Communications Ab | 2 Camera Station Pro, Axis Camera Station Pro | 2026-02-26 | 7.8 High |
| AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. | ||||
| CVE-2025-12757 | 2 Axis, Axis Communications Ab | 2 Camera Station Pro, Axis Camera Station Pro | 2026-02-17 | 4.6 Medium |
| An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to. | ||||
| CVE-2025-13064 | 2 Axis, Axis Communications Ab | 2 Camera Station Pro, Axis Camera Station Pro | 2026-02-17 | 4.5 Medium |
| A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with. | ||||
| CVE-2025-12063 | 2 Axis, Axis Communications Ab | 2 Camera Station Pro, Axis Camera Station Pro | 2026-02-17 | 5.7 Medium |
| An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions. | ||||
| CVE-2025-30025 | 1 Axis | 2 Camera Station Pro, Device Manager | 2026-01-23 | 7.8 High |
| The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation. | ||||
| CVE-2025-30024 | 1 Axis | 1 Device Manager | 2026-01-23 | 6.8 Medium |
| The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack. | ||||
| CVE-2025-30023 | 1 Axis | 3 Camera Station, Camera Station Pro, Device Manager | 2026-01-23 | 9 Critical |
| The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. | ||||
| CVE-2025-0359 | 1 Axis | 2 Axis Os, Axis Os 2024 | 2026-01-22 | 8.5 High |
| During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||