Aggregates CVE and security vulnerability intelligence across all avigilon-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk path handling and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-56267 | A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying a crafted Excel file. | [email protected] | 9.8 | 0.26% | 2025-09-08 | 2025-09-12 |
| CVE-2025-56266 | A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL. | [email protected] | 9.8 | 6.50% | 2025-09-08 | 2025-09-12 |
| CVE-2015-2860 | Directory traversal vulnerability in Avigilon Control Center (ACC) 4 before 4.12.0.54 and 5 before 5.4.2.22 allows remote attackers to read arbitrary files via a crafted help/ URL. | [email protected] | 7.8 | 0.39% | 2015-06-23 | 2026-05-06 |