Vulnerabilities > Zoneminder > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-43360 SQL Injection vulnerability in Zoneminder
ZoneMinder is a free, open source closed-circuit television software application.
network
low complexity
zoneminder CWE-89
critical
 9.8
9.8
2023-02-25 CVE-2023-26035 Missing Authorization vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
network
low complexity
zoneminder CWE-862
critical
 9.8
9.8
2023-02-25 CVE-2023-26036 Untrusted Search Path vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
network
low complexity
zoneminder CWE-426
critical
 9.8
9.8
2023-02-25 CVE-2023-26037 SQL Injection vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
network
low complexity
zoneminder CWE-89
critical
 9.8
9.8
2022-04-26 CVE-2022-29806 Path Traversal vulnerability in Zoneminder
ZoneMinder before 1.36.13 allows remote code execution via an invalid language.
network
low complexity
zoneminder CWE-22
critical
 9.8
9.8
2019-02-18 CVE-2019-8429 SQL Injection vulnerability in Zoneminder
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
network
low complexity
zoneminder CWE-89
critical
 9.8
9.8
2019-02-18 CVE-2019-8428 SQL Injection vulnerability in Zoneminder
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
network
low complexity
zoneminder CWE-89
critical
 9.8
9.8
2019-02-18 CVE-2019-8427 OS Command Injection vulnerability in Zoneminder
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
network
low complexity
zoneminder CWE-78
critical
 9.8
9.8
2019-02-18 CVE-2019-8424 SQL Injection vulnerability in Zoneminder
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
network
low complexity
zoneminder CWE-89
critical
 9.8
9.8
2019-02-18 CVE-2019-8423 SQL Injection vulnerability in Zoneminder
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
network
low complexity
zoneminder CWE-89
critical
 9.8
9.8