ZoneMinder — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting ZoneMinder. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by ZoneMinder:zoneminder

CVE ID	Title	CVSS	Severity	Published
CVE-2026-27470	ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields — zoneminderCWE-89	8.8	High	2026-02-21
CVE-2024-51482	Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64 — zoneminderCWE-89	10.0	Critical	2024-10-31
CVE-2024-43360	ZoneMinder Time-based SQL Injection — zoneminderCWE-89	9.8	Critical	2024-08-12
CVE-2024-43359	XSS vulnerabilities in montagereview — zoneminderCWE-79	-	-	2024-08-12
CVE-2024-43358	XSS vulnerability in filter view — zoneminderCWE-79	6.1	Medium	2024-08-12
CVE-2023-41884	ZoneMinder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in watch.php — zoneminderCWE-89	7.1	High	2024-08-12
CVE-2023-26039	ZoneMinder vulnerable to OS Command injection in daemonControl() API — zoneminderCWE-78	7.1	High	2023-02-25
CVE-2023-26038	ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php` — zoneminderCWE-426	5.4	Medium	2023-02-25
CVE-2023-26037	ZoneMinder contains SQL Injection via report_event_audit — zoneminderCWE-89	8.9	High	2023-02-25
CVE-2023-26036	ZoneMinder contains Local File Inclusion vulnerability — zoneminderCWE-426	8.1	High	2023-02-25
CVE-2023-26035	ZoneMinder vulnerable to Missing Authorization — zoneminderCWE-862	7.2	High	2023-02-25
CVE-2023-26034	ZoneMinder SQL Injection — zoneminderCWE-89	9.6	Critical	2023-02-25
CVE-2023-26032	ZoneMinder contains SQL injection via malicious Jason Web Token — zoneminderCWE-89	8.9	High	2023-02-25
CVE-2023-25825	ZoneMinder contains Cross-site Scripting via log viewing — zoneminderCWE-79	7.7	High	2023-02-25
CVE-2022-39285	Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder — zoneminderCWE-79	7.6	High	2022-10-07
CVE-2022-39291	Denial of service through logs in zoneminder — zoneminderCWE-20	5.4	Medium	2022-10-07
CVE-2022-39290	CSRF key bypass using HTTP methods in zoneminder — zoneminderCWE-287	8.0	High	2022-10-07
CVE-2022-39289	Database log access in ZoneMinder — zoneminderCWE-200	9.1	Critical	2022-10-07

This page lists every published CVE security advisory associated with ZoneMinder. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

ZoneMinder — Vulnerabilities & Security Advisories 18