Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1258 matches found

Nuclei
Nucleiadded 9 hours ago216 views

ZoneMinder Snapshots - Command Injection

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...

9.8CVSS7.3AI score0.55722EPSS
Exploits11References5
Nuclei
Nucleiadded 9 hours ago129 views

ZoneMinder v1.37.* <= 1.37.64 - SQL Injection

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37. = 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65. id: CVE-2024-51482 info: name: ZoneMinder v1.37. = 1.37.64 - SQL Injection author...

9.9CVSS5.9AI score0.50861EPSS
Exploits7References3
Nuclei
Nucleiadded 9 hours ago35 views

ZoneMinder - SQL Injection

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61. id: CVE-2024-43360 info: name: ZoneMinder - SQL Injection author: s4e-io severity: critical...

9.8CVSS5.9AI score0.63252EPSS
Exploits1References3
GithubExploit
GithubExploitadded 2026/04/16 4:40 p.m.204 views

ffensive-playbook

HackTheBox — Writeups Collection A collection of HackTheBox m...

9.9CVSS6.4AI score0.93631EPSS
Exploits26
GithubExploit
GithubExploitadded 2026/04/16 4:40 p.m.265 views

ofensive-playbook

HackTheBox — Writeups Collection A collection of HackTheBox m...

9.9CVSS7.2AI score0.93631EPSS
Exploits26
GithubExploit
GithubExploitadded 2026/03/10 8:12 a.m.149 views

Exploit for Allocation of Resources Without Limits or Throttling in Espressif Esp-Idf

CVE-2024-51428 - ZoneMinder Blind SQL Injection PoC Python wr...

7.5CVSS5.9AI score0.00072EPSS
Exploits2
GithubExploit
GithubExploitadded 2026/03/08 6:31 p.m.162 views

Exploit for CVE-2024-51482

ZoneMinder Time-Based SQL Injection CVE-2024-51482 📌 Vul...

9.9CVSS6AI score0.50861EPSS
Exploits7
GithubExploit
GithubExploitadded 2026/03/07 11:56 p.m.277 views

Exploit for CVE-2024-51482

CVE-2024-51482-PoC Authenticated time-based blind SQL injecti...

9.9CVSS5.8AI score0.50861EPSS
Exploits7
RedhatCVE
RedhatCVEadded 2026/02/22 1:25 p.m.3 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

8.8CVSS6.3AI score0.00013EPSS
Exploits2References1
GithubExploit
GithubExploitadded 2026/02/21 5:5 p.m.152 views

Exploit for CVE-2026-27470

CVE-2026-27470 — ZoneMinder Second-Order SQL Injection !CVE...

8.8CVSS6.2AI score0.00013EPSS
Exploits2
NVD
NVDadded 2026/02/21 8:16 a.m.5 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

8.8CVSS0.00013EPSS
Exploits2References4
UbuntuCve
UbuntuCveadded 2026/02/21 8:16 a.m.2 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

8.8CVSS6.2AI score0.00013EPSS
Exploits2References5
CVE
CVEadded 2026/02/21 8:5 a.m.56 views

CVE-2026-27470

ZoneMinder (versions 1.36.37 and earlier; 1.37.61–1.38.0) contains a second‑order SQL Injection in web/ajax/status.php:getNearEvents(). Although event fields Name and Cause are stored via parameterized queries, they are concatenated into SQL WHERE clauses without escaping, allowing an authenticat...

8.8CVSS6.4AI score0.00013EPSS
Exploits2References4Affected Software1
Debian CVE
Debian CVEadded 2026/02/21 8:5 a.m.5 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

8.8CVSS6.2AI score0.00013EPSS
Exploits2
Cvelist
Cvelistadded 2026/02/21 8:5 a.m.15 views

CVE-2026-27470 ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

8.8CVSS0.00013EPSS
Exploits2References4
ATTACKERKB
ATTACKERKBadded 2026/02/21 8:5 a.m.6 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

8.8CVSS6.4AI score0.00013EPSS
Exploits2References5Affected Software1
OSV
OSVadded 2026/02/21 8:5 a.m.2 views

CVE-2026-27470 ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

8.8CVSS6.4AI score0.00013EPSS
Exploits2References6
Vulnrichment
Vulnrichmentadded 2026/02/21 8:5 a.m.4 views

CVE-2026-27470 ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

8.8CVSS6.2AI score0.00013EPSS
Exploits2References4
Positive Technologies
Positive Technologiesadded 2026/02/21 12:0 a.m.4 views

PT-2026-21370

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

8.8CVSS6.3AI score0.00013EPSS
Exploits2References5
CNNVD
CNNVDadded 2026/02/21 12:0 a.m.6 views

ZoneMinder SQL注入漏洞

ZoneMinder is an open-source video monitoring software system developed by ZoneMinder. This system supports IP, USB, and analog cameras. Versions of ZoneMinder prior to 1.36.37, as well as versions 1.37.61 to 1.38.0, have a SQL injection vulnerability. This vulnerability stems from the...

8.8CVSS6.1AI score0.00013EPSS
Exploits2References4
Rows per page
Query Builder