ZoneMinder — Vulnerabilities & Security Advisories (18)

Browse all 18 CVE security advisories affecting ZoneMinder. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ZoneMinder serves as an open-source video surveillance solution for monitoring security cameras and managing video analytics. Historically, the application has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, contributing to its 18 recorded CVEs. Notable security characteristics include its PHP-based architecture and web interface, which have been frequent targets for exploitation. While no major public security incidents have been widely documented, the consistent discovery of vulnerabilities in its authentication and session management components highlights ongoing security challenges that require diligent patching and hardening in production environments.

Top products by ZoneMinder: zoneminder
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-27470 | ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields | zoneminder | CWE-89 | 8.8 | High | 2026-02-21 |
| CVE-2024-51482 | Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64 | zoneminder | CWE-89 | 10.0 | Critical | 2024-10-31 |
| CVE-2024-43360 | ZoneMinder Time-based SQL Injection | zoneminder | CWE-89 | 9.8 | Critical | 2024-08-12 |
| CVE-2024-43359 | XSS vulnerabilities in montagereview | zoneminder | CWE-79 | - | - | 2024-08-12 |
| CVE-2024-43358 | XSS vulnerability in filter view | zoneminder | CWE-79 | 6.1 | Medium | 2024-08-12 |
| CVE-2023-41884 | ZoneMinder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in watch.php | zoneminder | CWE-89 | 7.1 | High | 2024-08-12 |
| CVE-2023-26039 | ZoneMinder vulnerable to OS Command injection in daemonControl() API | zoneminder | CWE-78 | 7.1 | High | 2023-02-25 |
| CVE-2023-26038 | ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php` | zoneminder | CWE-426 | 5.4 | Medium | 2023-02-25 |
| CVE-2023-26037 | ZoneMinder contains SQL Injection via report_event_audit | zoneminder | CWE-89 | 8.9 | High | 2023-02-25 |
| CVE-2023-26036 | ZoneMinder contains Local File Inclusion vulnerability | zoneminder | CWE-426 | 8.1 | High | 2023-02-25 |
| CVE-2023-26035 | ZoneMinder vulnerable to Missing Authorization | zoneminder | CWE-862 | 7.2 | High | 2023-02-25 |
| CVE-2023-26034 | ZoneMinder SQL Injection | zoneminder | CWE-89 | 9.6 | Critical | 2023-02-25 |
| CVE-2023-26032 | ZoneMinder contains SQL injection via malicious Jason Web Token | zoneminder | CWE-89 | 8.9 | High | 2023-02-25 |
| CVE-2023-25825 | ZoneMinder contains Cross-site Scripting via log viewing | zoneminder | CWE-79 | 7.7 | High | 2023-02-25 |
| CVE-2022-39285 | Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder | zoneminder | CWE-79 | 7.6 | High | 2022-10-07 |
| CVE-2022-39291 | Denial of service through logs in zoneminder | zoneminder | CWE-20 | 5.4 | Medium | 2022-10-07 |
| CVE-2022-39290 | CSRF key bypass using HTTP methods in zoneminder | zoneminder | CWE-287 | 8.0 | High | 2022-10-07 |
| CVE-2022-39289 | Database log access in ZoneMinder | zoneminder | CWE-200 | 9.1 | Critical | 2022-10-07 |

This page lists every published CVE security advisory associated with ZoneMinder. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.