
1264 matches found

Nuclei
added yesterday, 37 views

ZoneMinder - SQL Injection

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61. id: CVE-2024-43360 info: name: ZoneMinder - SQL Injection author: s4e-io severity: critical...

CVSS 9.8, AI score 7.2, EPSS 0.06171
Exploits: 1, References: 3
Nuclei
added yesterday, 132 views

ZoneMinder v1.37.* <= 1.37.64 - SQL Injection

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65. id: CVE-2024-51482 info: name: ZoneMinder v1.37.* <= 1.37.64 - SQL Injection author...

CVSS 9.9, AI score 7.4, EPSS 0.36899
Exploits: 7, References: 3
Nuclei
added yesterday, 235 views

ZoneMinder Snapshots - Command Injection

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...

CVSS 9.8, AI score 7.2, EPSS 0.80462
Exploits: 11, References: 5
GithubExploit
added 2026/06/06 5:54 p.m., 66 views

zoneminder-rce-poc

just wait and see Proof of concept for an OS command injectio...

AI score 6.8
Exploits: 0
GithubExploit
added 2026/04/16 4:40 p.m., 272 views

ffensive-playbook

HackTheBox — Writeups Collection A collection of HackTheBox m...

CVSS 9.9, AI score 6.4, EPSS 0.75197
Exploits: 26
GithubExploit
added 2026/04/16 4:40 p.m., 304 views

ofensive-playbook

HackTheBox — Writeups Collection A collection of HackTheBox m...

CVSS 9.9, AI score 7.2, EPSS 0.75197
Exploits: 26
GithubExploit
added 2026/03/10 8:12 a.m., 175 views

Exploit for Allocation of Resources Without Limits or Throttling in Espressif Esp-Idf

CVE-2024-51428 - ZoneMinder Blind SQL Injection PoC Python wr...

CVSS 7.5, AI score 5.9, EPSS 0.00513
Exploits: 2
GithubExploit
added 2026/03/08 6:31 p.m., 190 views

Exploit for CVE-2024-51482

ZoneMinder Time-Based SQL Injection CVE-2024-51482 📌 Vul...

CVSS 9.9, AI score 6, EPSS 0.36899
Exploits: 7
GithubExploit
added 2026/03/07 11:56 p.m., 308 views

Exploit for CVE-2024-51482

CVE-2024-51482-PoC Authenticated time-based blind SQL injecti...

CVSS 9.9, AI score 5.8, EPSS 0.36899
Exploits: 7
RedhatCVE
added 2026/02/22 1:25 p.m., 6 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8, AI score 6.3, EPSS 0.0048
Exploits: 2, References: 1
GithubExploit
added 2026/02/21 5:5 p.m., 172 views

Exploit for CVE-2026-27470

CVE-2026-27470 — ZoneMinder Second-Order SQL Injection !CVE...

CVSS 8.8, AI score 6.2, EPSS 0.0048
Exploits: 2
NVD
added 2026/02/21 8:16 a.m., 6 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8, EPSS 0.0048
Exploits: 2, References: 4
UbuntuCve
added 2026/02/21 8:16 a.m., 3 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8, AI score 6.2, EPSS 0.0048
Exploits: 2, References: 5
Vulnrichment
added 2026/02/21 8:5 a.m., 5 views

CVE-2026-27470 ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8, AI score 6.2, EPSS 0.0048
Exploits: 2, References: 4
ATTACKERKB
added 2026/02/21 8:5 a.m., 8 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8, AI score 6.4, EPSS 0.0048
Exploits: 2, References: 5, Affected Software: 1
Cvelist
added 2026/02/21 8:5 a.m., 19 views

CVE-2026-27470 ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8, EPSS 0.0048
Exploits: 2, References: 4
CVE
added 2026/02/21 8:5 a.m., 64 views

CVE-2026-27470

ZoneMinder (versions 1.36.37 and earlier; 1.37.61–1.38.0) contains a second‑order SQL Injection in web/ajax/status.php:getNearEvents(). Although event fields Name and Cause are stored via parameterized queries, they are concatenated into SQL WHERE clauses without escaping, allowing an authenticat...

CVSS 8.8, AI score 6.4, EPSS 0.0048
Exploits: 2, References: 4, Affected Software: 1
Debian CVE
added 2026/02/21 8:5 a.m., 6 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8, AI score 6.2, EPSS 0.0048
Exploits: 2
OSV
added 2026/02/21 8:5 a.m., 2 views

CVE-2026-27470 ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8, AI score 6.4, EPSS 0.0048
Exploits: 2, References: 6
Positive Technologies
added 2026/02/21 12:0 a.m., 6 views

PT-2026-21370

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8, AI score 6.3, EPSS 0.0048
Exploits: 2, References: 5