Common Vulnerabilities and Exposures (CVE)

CVE-2025-6298

Nov 12, 2025 04:57:44 UTC

ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned AC...

CVE-2025-5718

Nov 12, 2025 04:57:44 UTC

The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker ...

CVE-2025-5454

Nov 12, 2025 04:57:43 UTC

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the insta...

CVE-2025-4645

Nov 12, 2025 04:57:42 UTC

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications...

CVE-2025-42894

Nov 12, 2025 04:57:41 UTC

Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could e...

CVE-2025-42890

Nov 12, 2025 04:57:41 UTC

SQL Anywhere Monitor (Non-GUI) baked credentials into the code, exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution. This could cause high impact on confidential...

CVE-2025-62452

Nov 12, 2025 04:57:40 UTC

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

CVE-2025-60721

Nov 12, 2025 04:57:39 UTC

Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.

CVE-2025-60710

Nov 12, 2025 04:57:39 UTC

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

CVE-2025-62211

Nov 12, 2025 04:57:38 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.

CVE-2025-62210

Nov 12, 2025 04:57:37 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.

CVE-2025-60717

Nov 12, 2025 04:57:37 UTC

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.

CVE-2025-59512

Nov 12, 2025 04:57:36 UTC

Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.

CVE-2025-59515

Nov 12, 2025 04:57:35 UTC

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.

CVE-2025-62219

Nov 12, 2025 04:57:35 UTC

Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.