Browse all 4 CVE security advisories affecting z-9527. AI-powered Chinese analysis, POCs, and references for each vulnerability.
z-9527 is a network monitoring tool primarily used for real-time traffic analysis and security event detection. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with four CVEs currently documented. The application's exposure of administrative interfaces and default credentials has contributed to its compromise in several incidents. Security researchers have noted its susceptibility to buffer overflows in parsing functions and inadequate input validation in web components. While no major public breaches have been widely reported, the consistent pattern of vulnerabilities suggests a need for hardening, particularly in its web management console and data processing modules.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5252 | z-9527 admin Message Create Endpoint message.js cross site scripting — adminCWE-79 | 3.5 | Low | 2026-04-01 |
| CVE-2026-5251 | z-9527 admin User Update Endpoint user.js dynamically-determined object attributes — adminCWE-915 | 6.3 | Medium | 2026-04-01 |
| CVE-2026-4999 | z-9527 admin isImg Check upload.js uploadFile path traversal — adminCWE-22 | 6.3 | Medium | 2026-03-28 |
| CVE-2026-3200 | z-9527 admin user.js getUsers sql injection — adminCWE-89 | 7.3 | High | 2026-02-25 |
This page lists every published CVE security advisory associated with z-9527. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.