Zoneminder

2 CVEs product

CVE-2026-27470 HIGH POC This Week

SQL injection in ZoneMinder's status.php getNearEvents() function allows authenticated users with event management permissions to execute arbitrary database queries through improperly sanitized Event Name and Cause fields in versions 1.36.37 and below or 1.37.61 through 1.38.0. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker could extract sensitive data, modify database contents, or potentially achieve code execution depending on database permissions and configuration.

PHP SQLi Zoneminder
NVD GitHub
CVSS 3.1: 8.8
EPSS: 0.0%
CVE-2025-65791 CRITICAL POC Act Now

Command injection in ZoneMinder v1.36.34 video surveillance system via web/views/image.php. Unsanitized user input enables unauthenticated remote code execution. PoC available.

PHP Command Injection Zoneminder
NVD GitHub
CVSS 3.1: 9.8
EPSS: 0.9%