Vulnerabilities > Zoneminder > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-43360 SQL Injection vulnerability in Zoneminder
ZoneMinder is a free, open source closed-circuit television software application.
network
low complexity
zoneminder CWE-89
critical
 9.8
9.8
2023-02-25 CVE-2023-26035 Missing Authorization vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
network
low complexity
zoneminder CWE-862
critical
 9.8
9.8
2023-02-25 CVE-2023-26036 Untrusted Search Path vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
network
low complexity
zoneminder CWE-426
critical
 9.8
9.8
2023-02-25 CVE-2023-26037 SQL Injection vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
network
low complexity
zoneminder CWE-89
critical
 9.8
9.8
2018-12-20 CVE-2018-1000832 Deserialization of Untrusted Data vulnerability in Zoneminder
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
network
low complexity
zoneminder CWE-502
critical
 10.0
10
2008-09-02 CVE-2008-3882 Code Injection vulnerability in Zoneminder
Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.
network
low complexity
zoneminder CWE-94
critical
 10.0
10