聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-1185 | A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH. | 5.4 | 0.23% | 2026-05-12 | 2026-06-17 |
| CVE-2026-0804 | An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.7 | 0.13% | 2026-05-12 | 2026-06-17 |
| CVE-2026-0802 | An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.0 | 0.40% | 2026-05-12 | 2026-06-17 |
| CVE-2026-0541 | ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.7 | 0.10% | 2026-05-12 | 2026-06-17 |
| CVE-2025-9524 | The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account. | 4.3 | 0.22% | 2025-11-11 | 2026-06-17 |
| CVE-2025-9055 | The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account. | 6.4 | 0.10% | 2025-11-11 | 2026-06-17 |
| CVE-2025-8998 | It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. | 3.1 | 0.20% | 2025-11-11 | 2026-06-17 |
| CVE-2025-8108 | An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.7 | 0.11% | 2025-11-11 | 2026-06-17 |
| CVE-2025-7622 | During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered. | 5.1 | 0.15% | 2025-08-12 | 2026-06-17 |
| CVE-2025-6779 | An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.7 | 1.09% | 2025-11-11 | 2026-06-17 |
| CVE-2025-6571 | A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it. | 6.0 | 0.09% | 2025-11-11 | 2026-06-17 |
| CVE-2025-6298 | ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.7 | 0.12% | 2025-11-11 | 2026-06-17 |
| CVE-2025-5718 | The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.8 | 0.30% | 2025-11-11 | 2026-06-17 |
| CVE-2025-5454 | An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.4 | 0.13% | 2025-11-11 | 2026-06-17 |
| CVE-2025-5452 | A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.6 | 0.26% | 2025-11-11 | 2026-06-17 |
| CVE-2025-4645 | An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.7 | 0.13% | 2025-11-11 | 2026-06-17 |
| CVE-2025-3892 | ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.7 | 0.09% | 2025-08-12 | 2026-06-17 |
| CVE-2025-30027 | An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 6.7 | 0.16% | 2025-08-12 | 2026-06-17 |
| CVE-2025-30026 | The AXIS Camera Station Server had a flaw that allowed to bypass authentication that is normally required. | 5.3 | 0.60% | 2025-07-11 | 2026-06-17 |
| CVE-2025-30025 | The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation. | 4.8 | 0.20% | 2025-07-11 | 2026-06-17 |