聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2026-1185 | A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH. | 5.4 | 0.23% | 2026-05-12 | 2026-06-17 |
| CVE-2026-0804 | An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.7 | 0.13% | 2026-05-12 | 2026-06-17 |
| CVE-2026-0802 | An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.0 | 0.40% | 2026-05-12 | 2026-06-17 |
| CVE-2026-0541 | ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.7 | 0.10% | 2026-05-12 | 2026-06-17 |
| CVE-2025-12063 | An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions. | 5.7 | 0.19% | 2026-02-10 | 2026-06-17 |
| CVE-2025-13064 | A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with. | 4.5 | 0.23% | 2026-02-10 | 2026-06-17 |
| CVE-2025-12757 | An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to. | 4.6 | 0.27% | 2026-02-10 | 2026-06-17 |
| CVE-2025-11547 | AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. | 7.8 | 0.15% | 2026-02-10 | 2026-06-17 |
| CVE-2025-11142 | The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. | 7.1 | 0.50% | 2026-02-10 | 2026-06-17 |
| CVE-2025-9524 | The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account. | 4.3 | 0.22% | 2025-11-11 | 2026-06-17 |
| CVE-2025-9055 | The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account. | 6.4 | 0.10% | 2025-11-11 | 2026-06-17 |
| CVE-2025-8998 | It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. | 3.1 | 0.20% | 2025-11-11 | 2026-06-17 |
| CVE-2025-10714 | AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights (administrator) to write data into the installation path of AXIS Optimizer. | 8.4 | 0.10% | 2025-11-11 | 2026-06-17 |
| CVE-2025-8108 | An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.7 | 0.11% | 2025-11-11 | 2026-06-17 |
| CVE-2025-6779 | An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.7 | 1.09% | 2025-11-11 | 2026-06-17 |
| CVE-2025-6571 | A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it. | 6.0 | 0.09% | 2025-11-11 | 2026-06-17 |
| CVE-2025-6298 | ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.7 | 0.12% | 2025-11-11 | 2026-06-17 |
| CVE-2025-5718 | The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.8 | 0.30% | 2025-11-11 | 2026-06-17 |
| CVE-2025-5454 | An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.4 | 0.13% | 2025-11-11 | 2026-06-17 |
| CVE-2025-5452 | A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.6 | 0.26% | 2025-11-11 | 2026-06-17 |