zoneminder

Top products

The 15 most recently published vulnerabilities affecting zoneminder.

• CVE-2026-27470ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields8.8Feb 21, 2026
• CVE-2025-65791ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function. NOTE: this is disputed by the Supplier ...9.8Feb 18, 2026
• CVE-2024-51482Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.649.9Oct 31, 2024
• CVE-2023-31493RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing...6.6Oct 15, 2024
• CVE-2024-43360ZoneMinder Time-based SQL Injection9.8Aug 12, 2024
• CVE-2024-43358XSS vulnerability in filter view6.1Aug 12, 2024
• CVE-2023-41884ZoneMinder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in watch.php7.1Aug 12, 2024
• CVE-2020-25730Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF com...8.2Apr 4, 2024
• CVE-2023-26039ZoneMinder vulnerable to OS Command injection in daemonControl() API7.1Feb 25, 2023
• CVE-2023-26038ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php`5.4Feb 25, 2023
• CVE-2023-26037ZoneMinder contains SQL Injection via report_event_audit8.9Feb 25, 2023
• CVE-2023-26036ZoneMinder contains Local File Inclusion vulnerability8.1Feb 25, 2023
• CVE-2023-26035ZoneMinder vulnerable to Missing Authorization7.2Feb 25, 2023
• CVE-2023-26034ZoneMinder SQL Injection9.6Feb 25, 2023
• CVE-2023-26032ZoneMinder contains SQL injection via malicious Jason Web Token8.9Feb 25, 2023