CVE-2026-3862 Cross-Site Scripting Vulnerability in SiteMinder Administrative UI

Cross-site Scripting XSS allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page...

Exploit for CVE-2024-51482

Security Research: Multi-Stage Exploitation of Web-Based Surve...

UBUNTU-CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

Linux Distros Unpatched Vulnerability : CVE-2026-27470

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a...

CVE-2025-65791

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...

CVE-2025-65791

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...

CVE-2025-65791

CVE-2025-65791 affects ZoneMinder v1.36.34. Public sources describe a Command Injection in web/views/image.php where unsanitized user input is passed to PHP’s exec() function. The supplier disputes presence of unsanitized input in that file. Connected documents confirm the issue but do not provid...

CVE-2022-31830

Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery SSRF via the init function at ImageCapture.class.php...

GO-2025-4147 Minder does not sandbox http.send in Rego programs in github.com/mindersec/minder

Minder does not sandbox http.send in Rego programs in github.com/mindersec/minder...

CVE-2025-65109

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...

CVE-2025-65109

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...

CVE-2025-65109 Minder does not sandbox http.send in Rego programs

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...

CVE-2025-65109 Minder does not sandbox http.send in Rego programs

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...

CVE-2025-65109 Minder does not sandbox http.send in Rego programs

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...

EUVD-2025-198530

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...

CVE-2025-65109

Summary (CVE-2025-65109) Minder exposes a risk where the Minder server can fetch content (potentially including restricted URLs) due to insufficient sandboxing of http.send in Rego policy evaluation. Affected: Minder Helm v0.20241106.3386+ref.2507dbf and Minder Go v0.0.72–0.0.83. Impact: access t...

Minder 安全漏洞

Minder is an open source platform that helps development teams and the open source community build more secure software and prove to others that the software they build is secure. A security vulnerability exists in Minder that stems from improper content acquisition and could lead to unauthorized...

GHSA-6XVF-4VH9-MW47 Minder does not sandbox http.send in Rego programs

Impact Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to for example, if the Minder server is behind a firewall or other network partition. Patches...

Minder does not sandbox http.send in Rego programs

Impact Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to for example, if the Minder server is behind a firewall or other network partition. Patches...