Every CVE whose affected-product data names Axis Axis Os 2024, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2025-0324 — CVSS 9.4 (critical): The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.
CVE-2025-0359 — CVSS 8.5 (high): During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework…
CVE-2025-0360 — CVSS 7.8 (high): During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration…
CVE-2024-6979 — CVSS 6.8 (medium): Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator-…
CVE-2025-0361 — CVSS 4.3 (medium): During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration…
CVE-2024-47261 — CVSS 4.3 (medium): 51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input…
CVE-2024-8160 — CVSS 3.8 (low): Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation…
CVE-2024-47259 — CVSS 3.5 (low): Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input…