| 0 |
| url |
VCID-11zt-rw3z-87gx |
| vulnerability_id |
VCID-11zt-rw3z-87gx |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7333 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58064 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58087 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.57943 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58027 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5805 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58025 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5808 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.581 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58077 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58056 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7333 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7333
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-11zt-rw3z-87gx |
|
| 1 |
| url |
VCID-1b3u-17mt-5qfe |
| vulnerability_id |
VCID-1b3u-17mt-5qfe |
| summary |
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-51482 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.48481 |
| scoring_system |
epss |
| scoring_elements |
0.97756 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.53071 |
| scoring_system |
epss |
| scoring_elements |
0.97949 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.53071 |
| scoring_system |
epss |
| scoring_elements |
0.97945 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.53071 |
| scoring_system |
epss |
| scoring_elements |
0.97946 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.53071 |
| scoring_system |
epss |
| scoring_elements |
0.97954 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.549 |
| scoring_system |
epss |
| scoring_elements |
0.98049 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.549 |
| scoring_system |
epss |
| scoring_elements |
0.98043 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.549 |
| scoring_system |
epss |
| scoring_elements |
0.98048 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.549 |
| scoring_system |
epss |
| scoring_elements |
0.98055 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-51482 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-51482
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1b3u-17mt-5qfe |
|
| 2 |
| url |
VCID-23ug-uzth-tybf |
| vulnerability_id |
VCID-23ug-uzth-tybf |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7352 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7352 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7352
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-23ug-uzth-tybf |
|
| 3 |
| url |
VCID-35hj-x1e2-eug1 |
| vulnerability_id |
VCID-35hj-x1e2-eug1 |
| summary |
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8428 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.5586 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55887 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55707 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.5582 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55843 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55821 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55872 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55875 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55885 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55865 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55846 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55882 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8428 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-8428
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-35hj-x1e2-eug1 |
|
| 4 |
| url |
VCID-3zrk-nztf-nqfd |
| vulnerability_id |
VCID-3zrk-nztf-nqfd |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7345 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46443 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46498 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46374 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46415 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46435 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46383 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46439 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46463 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46434 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46444 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46501 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7345 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7345
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3zrk-nztf-nqfd |
|
| 5 |
| url |
VCID-4zbd-b8b7-tfa4 |
| vulnerability_id |
VCID-4zbd-b8b7-tfa4 |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7325 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55988 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56014 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55949 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.5597 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55948 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55999 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56002 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56013 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55993 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55975 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56011 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7325 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7325
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4zbd-b8b7-tfa4 |
|
| 6 |
| url |
VCID-578u-3ew5-qyh5 |
| vulnerability_id |
VCID-578u-3ew5-qyh5 |
| summary |
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0332 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96768 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96725 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96735 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96736 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96741 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96748 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96749 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96752 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96755 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96761 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96765 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0332 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-0332
|
| risk_score |
9.0 |
| exploitability |
2.0 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-578u-3ew5-qyh5 |
|
| 7 |
| url |
VCID-5ba3-bxk1-pbht |
| vulnerability_id |
VCID-5ba3-bxk1-pbht |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7336 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7336 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7336
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5ba3-bxk1-pbht |
|
| 8 |
| url |
VCID-619e-k5cr-nyap |
| vulnerability_id |
VCID-619e-k5cr-nyap |
| summary |
Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3881 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.52009 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51871 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51919 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51946 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.5191 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51964 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51963 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.52015 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51997 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51981 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.52023 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.52029 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3881 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-3881
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-619e-k5cr-nyap |
|
| 9 |
| url |
VCID-643r-dxjk-63d2 |
| vulnerability_id |
VCID-643r-dxjk-63d2 |
| summary |
zoneminder: command injection, SQL injection and multiple XSS issues (CVE-2008-3882, CVE-2008-3880, CVE-2008-3881) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3880 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62104 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.61944 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62015 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62047 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62065 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62103 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62093 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62072 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62115 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.6212 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3880 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-3880
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-643r-dxjk-63d2 |
|
| 10 |
| url |
VCID-64wa-wgn6-nub8 |
| vulnerability_id |
VCID-64wa-wgn6-nub8 |
| summary |
ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-6756 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11464 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11591 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11645 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11434 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.1152 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11579 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.1159 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11555 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.1153 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11389 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11511 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-6756 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-6756
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-64wa-wgn6-nub8 |
|
| 11 |
| url |
VCID-694p-mbsg-e7f6 |
| vulnerability_id |
VCID-694p-mbsg-e7f6 |
| summary |
Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5367 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65556 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65604 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65634 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.656 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65652 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65664 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65684 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.6567 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65641 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65676 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65689 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65672 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5367 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-5367
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-694p-mbsg-e7f6 |
|
| 12 |
| url |
VCID-6mdb-h6fb-c7d6 |
| vulnerability_id |
VCID-6mdb-h6fb-c7d6 |
| summary |
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7342 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55722 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55744 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55561 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55673 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55695 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55674 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55725 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55728 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55737 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55717 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.557 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.5574 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7342 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7342
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6mdb-h6fb-c7d6 |
|
| 13 |
| url |
VCID-6xnz-k4kg-eqhd |
| vulnerability_id |
VCID-6xnz-k4kg-eqhd |
| summary |
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7343 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58064 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58087 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.57943 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58027 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5805 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58025 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5808 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.581 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58077 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58056 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7343 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7343
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6xnz-k4kg-eqhd |
|
| 14 |
| url |
VCID-7x1r-12y1-ekfk |
| vulnerability_id |
VCID-7x1r-12y1-ekfk |
| summary |
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7340 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58064 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58087 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.57943 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58027 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5805 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58025 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5808 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.581 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58077 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58056 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7340 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7340
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7x1r-12y1-ekfk |
|
| 15 |
| url |
VCID-8uu9-g2r8-nyep |
| vulnerability_id |
VCID-8uu9-g2r8-nyep |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7331 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55988 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56014 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55949 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.5597 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55948 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55999 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56002 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56013 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55993 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55975 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56011 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7331 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7331
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8uu9-g2r8-nyep |
|
| 16 |
| url |
VCID-8vh1-pk4c-63hz |
| vulnerability_id |
VCID-8vh1-pk4c-63hz |
| summary |
A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6990 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50555 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50577 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50438 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50495 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50522 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50475 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50529 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50526 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50567 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50544 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50573 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6990 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-6990
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
4.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8vh1-pk4c-63hz |
|
| 17 |
| url |
VCID-9rr3-tdb4-1kdm |
| vulnerability_id |
VCID-9rr3-tdb4-1kdm |
| summary |
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1000832 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92151 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92158 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92164 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92167 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92179 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92182 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92187 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92188 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92184 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92194 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92196 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1000832 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1000832
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9rr3-tdb4-1kdm |
|
| 18 |
| url |
VCID-aqfu-4m9a-hbd4 |
| vulnerability_id |
VCID-aqfu-4m9a-hbd4 |
| summary |
A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7203 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51747 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51767 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51622 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51673 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51698 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51659 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51713 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51709 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51758 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51736 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.5172 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51761 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7203 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-7203
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-aqfu-4m9a-hbd4 |
|
| 19 |
| url |
VCID-cccj-wgfh-3fg4 |
| vulnerability_id |
VCID-cccj-wgfh-3fg4 |
| summary |
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6777 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53907 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53926 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53799 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53819 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53846 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53871 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53868 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53916 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53899 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53883 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53921 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6777 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-6777
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cccj-wgfh-3fg4 |
|
| 20 |
| url |
VCID-ce64-m9xt-wkec |
| vulnerability_id |
VCID-ce64-m9xt-wkec |
| summary |
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-6755 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43099 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43158 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43185 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43123 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43176 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43189 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.4321 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43177 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43162 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43221 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43211 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43144 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-6755 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-6755
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ce64-m9xt-wkec |
|
| 21 |
| url |
VCID-dk87-j5dz-6bed |
| vulnerability_id |
VCID-dk87-j5dz-6bed |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7328 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58225 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.5825 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58104 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58189 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58209 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58182 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58236 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58241 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58258 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58235 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58247 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7328 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7328
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dk87-j5dz-6bed |
|
| 22 |
| url |
VCID-dp5c-4aaa-uyaq |
| vulnerability_id |
VCID-dp5c-4aaa-uyaq |
| summary |
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5595 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43164 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43221 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43249 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43188 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43239 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43251 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43273 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43241 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43225 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43286 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43275 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.4321 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5595 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-5595
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dp5c-4aaa-uyaq |
|
| 23 |
| url |
VCID-dpp2-3t2d-d3e4 |
| vulnerability_id |
VCID-dpp2-3t2d-d3e4 |
| summary |
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6991 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.9003 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.90032 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.89973 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.89975 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.89987 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.89993 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.90008 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.90014 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.90023 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.90022 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.90016 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.90031 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6991 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-6991
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dpp2-3t2d-d3e4 |
|
| 24 |
| url |
VCID-dz5v-tqce-a7ew |
| vulnerability_id |
VCID-dz5v-tqce-a7ew |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7332 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58225 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.5825 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58104 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58189 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58209 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58182 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58236 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58241 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58258 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58235 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58247 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7332 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7332
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dz5v-tqce-a7ew |
|
| 25 |
| url |
VCID-edec-sj6n-n7d7 |
| vulnerability_id |
VCID-edec-sj6n-n7d7 |
| summary |
Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7335 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7335 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7335
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-edec-sj6n-n7d7 |
|
| 26 |
| url |
VCID-f9wt-f98j-ekeh |
| vulnerability_id |
VCID-f9wt-f98j-ekeh |
| summary |
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10202 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50914 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50968 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50993 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50951 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51008 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51004 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51047 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51026 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51009 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51046 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51053 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51031 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10202 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10202
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f9wt-f98j-ekeh |
|
| 27 |
| url |
VCID-fnhr-cs7k-gkeu |
| vulnerability_id |
VCID-fnhr-cs7k-gkeu |
| summary |
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7339 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7339 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7339
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fnhr-cs7k-gkeu |
|
| 28 |
| url |
VCID-g1r5-fbsj-n3dr |
| vulnerability_id |
VCID-g1r5-fbsj-n3dr |
| summary |
A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6992 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53922 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53942 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53814 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53833 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53861 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53835 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53887 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53885 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53932 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53914 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53898 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53936 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6992 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-6992
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g1r5-fbsj-n3dr |
|
| 29 |
| url |
VCID-hpah-sv5y-8bde |
| vulnerability_id |
VCID-hpah-sv5y-8bde |
| summary |
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-13072 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49438 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49466 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49493 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49446 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49501 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49496 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49513 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49485 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49488 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49534 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49533 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49503 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-13072 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-13072
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hpah-sv5y-8bde |
|
| 30 |
| url |
VCID-jmdh-m4ty-gqch |
| vulnerability_id |
VCID-jmdh-m4ty-gqch |
| summary |
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7341 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58064 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58087 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.57943 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58027 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5805 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58025 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5808 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.581 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58077 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58056 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7341 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7341
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jmdh-m4ty-gqch |
|
| 31 |
| url |
VCID-kgpe-97pr-suee |
| vulnerability_id |
VCID-kgpe-97pr-suee |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7326 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55988 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56014 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55949 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.5597 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55948 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55999 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56002 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56013 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55993 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55975 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56011 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7326 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7326
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kgpe-97pr-suee |
|
| 32 |
| url |
VCID-mx9e-1cur-mqfz |
| vulnerability_id |
VCID-mx9e-1cur-mqfz |
| summary |
Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10140 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96951 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96958 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96963 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96966 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96974 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96975 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96978 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96979 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.9698 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96988 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96991 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96993 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10140 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10140
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mx9e-1cur-mqfz |
|
| 33 |
| url |
VCID-myxu-h49e-77f1 |
| vulnerability_id |
VCID-myxu-h49e-77f1 |
| summary |
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-7464 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39391 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39553 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39576 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39491 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39546 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39562 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39572 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39534 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39517 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39567 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.3954 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39455 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-7464 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-7464
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-myxu-h49e-77f1 |
|
| 34 |
| url |
VCID-p916-xnk3-rkce |
| vulnerability_id |
VCID-p916-xnk3-rkce |
| summary |
A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7347 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67436 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67425 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67313 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67349 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67372 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.6735 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67401 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67414 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67435 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67423 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67389 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7347 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7347
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p916-xnk3-rkce |
|
| 35 |
| url |
VCID-pr1z-g8aw-tqez |
| vulnerability_id |
VCID-pr1z-g8aw-tqez |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7329 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55969 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55994 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55817 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55929 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55951 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.5598 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55983 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55993 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55973 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55955 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55991 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7329 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7329
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pr1z-g8aw-tqez |
|
| 36 |
| url |
VCID-qb3h-yn1c-m3cx |
| vulnerability_id |
VCID-qb3h-yn1c-m3cx |
| summary |
zoneminder: command injection via unescaped php exec() calls |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1381 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.811 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81109 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81133 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81132 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.8116 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81166 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81185 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81171 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81165 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81202 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81203 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.812 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1381 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-1381
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qb3h-yn1c-m3cx |
|
| 37 |
| url |
VCID-qcxm-vr2w-6ka7 |
| vulnerability_id |
VCID-qcxm-vr2w-6ka7 |
| summary |
Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2004-0227 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87403 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87413 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87427 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87428 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87446 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87453 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87465 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.8746 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87457 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87471 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87473 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2004-0227 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2004-0227
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qcxm-vr2w-6ka7 |
|
| 38 |
| url |
VCID-qn8h-k43x-p7cs |
| vulnerability_id |
VCID-qn8h-k43x-p7cs |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7330 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58225 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.5825 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58104 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58189 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58209 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58182 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58236 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58241 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58258 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58235 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58247 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7330 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7330
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qn8h-k43x-p7cs |
|
| 39 |
| url |
VCID-qs2j-ektc-2kf9 |
| vulnerability_id |
VCID-qs2j-ektc-2kf9 |
| summary |
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8426 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55973 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55998 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55821 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55933 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55955 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55984 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55987 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55997 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55977 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55959 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55995 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8426 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-8426
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qs2j-ektc-2kf9 |
|
| 40 |
| url |
VCID-qxmt-szsx-y7a8 |
| vulnerability_id |
VCID-qxmt-szsx-y7a8 |
| summary |
Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7338 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7338 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7338
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qxmt-szsx-y7a8 |
|
| 41 |
| url |
VCID-qxtk-taxx-1kde |
| vulnerability_id |
VCID-qxtk-taxx-1kde |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7348 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.5182 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51839 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51688 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51738 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51764 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51725 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51779 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51776 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51826 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51805 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.5179 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51832 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7348 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7348
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qxtk-taxx-1kde |
|
| 42 |
| url |
VCID-r3pj-815v-uubu |
| vulnerability_id |
VCID-r3pj-815v-uubu |
| summary |
Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25730 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.4889 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48815 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48893 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48776 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.4884 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48795 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48849 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48845 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48861 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48835 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48844 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25730 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-25730
|
| risk_score |
3.7 |
| exploitability |
0.5 |
| weighted_severity |
7.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r3pj-815v-uubu |
|
| 43 |
| url |
VCID-r4zz-6j52-cue5 |
| vulnerability_id |
VCID-r4zz-6j52-cue5 |
| summary |
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10203 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55467 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55579 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55603 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55581 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55633 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55636 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55645 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55624 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55607 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55648 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55628 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10203 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10203
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r4zz-6j52-cue5 |
|
| 44 |
| url |
VCID-r751-csse-zuaq |
| vulnerability_id |
VCID-r751-csse-zuaq |
| summary |
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1000833 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83503 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83515 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83529 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.8353 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83554 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83563 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83578 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83572 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83568 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83602 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83603 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1000833 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1000833
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r751-csse-zuaq |
|
| 45 |
| url |
VCID-rdyb-mgsn-gyb5 |
| vulnerability_id |
VCID-rdyb-mgsn-gyb5 |
| summary |
ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5368 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.4257 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42641 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42669 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.4261 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42661 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42673 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42696 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.4266 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42643 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42703 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42689 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42626 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5368 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-5368
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rdyb-mgsn-gyb5 |
|
| 46 |
| url |
VCID-sdf7-gmgd-pkf8 |
| vulnerability_id |
VCID-sdf7-gmgd-pkf8 |
| summary |
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10205 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.72953 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.72965 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.72984 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.7296 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.72997 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.73011 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.73036 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.73015 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.73008 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.7305 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.7306 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.73052 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10205 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10205
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sdf7-gmgd-pkf8 |
|
| 47 |
| url |
VCID-t5fd-hvgs-sue7 |
| vulnerability_id |
VCID-t5fd-hvgs-sue7 |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7337 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55219 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55239 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55074 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55175 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55199 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55174 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55223 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55235 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55216 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55197 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55236 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7337 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7337
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t5fd-hvgs-sue7 |
|
| 48 |
| url |
VCID-tj5u-pm5u-4ug6 |
| vulnerability_id |
VCID-tj5u-pm5u-4ug6 |
| summary |
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0232 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99025 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99012 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99013 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99016 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99018 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99019 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.9902 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99022 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99024 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0232 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-0232
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tj5u-pm5u-4ug6 |
|
| 49 |
| url |
VCID-ug2b-2eg5-jfbb |
| vulnerability_id |
VCID-ug2b-2eg5-jfbb |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7349 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7349 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7349
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ug2b-2eg5-jfbb |
|
| 50 |
| url |
VCID-ukjs-5za3-xqdb |
| vulnerability_id |
VCID-ukjs-5za3-xqdb |
| summary |
Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7344 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7344 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7344
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ukjs-5za3-xqdb |
|
| 51 |
| url |
VCID-v56x-raf9-kydq |
| vulnerability_id |
VCID-v56x-raf9-kydq |
| summary |
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8424 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.5586 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55887 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55707 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.5582 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55843 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55821 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55872 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55875 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55885 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55865 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55846 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55882 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8424 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-8424
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v56x-raf9-kydq |
|
| 52 |
| url |
VCID-w96c-3tde-d7b1 |
| vulnerability_id |
VCID-w96c-3tde-d7b1 |
| summary |
SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10204 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66663 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66704 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66729 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66702 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66751 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66766 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66785 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66772 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66743 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66777 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.6679 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66775 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10204 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10204
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w96c-3tde-d7b1 |
|
| 53 |
| url |
VCID-wdng-puzu-5kah |
| vulnerability_id |
VCID-wdng-puzu-5kah |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7327 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58225 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.5825 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58104 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58189 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58209 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58182 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58236 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58241 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58258 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58235 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58247 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7327 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7327
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wdng-puzu-5kah |
|
| 54 |
| url |
VCID-xj45-xv47-ruhe |
| vulnerability_id |
VCID-xj45-xv47-ruhe |
| summary |
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7346 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39153 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39241 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39065 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.3925 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39273 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39192 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39247 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39263 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39274 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39236 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39218 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39271 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7346 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7346
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xj45-xv47-ruhe |
|
| 55 |
| url |
VCID-y3vt-x7b1-4yer |
| vulnerability_id |
VCID-y3vt-x7b1-4yer |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7334 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7334 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7334
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y3vt-x7b1-4yer |
|
| 56 |
| url |
VCID-ys4w-ngmr-mbh9 |
| vulnerability_id |
VCID-ys4w-ngmr-mbh9 |
| summary |
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10201 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50914 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50968 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50993 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50951 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51008 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51004 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51047 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51026 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51009 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51046 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51053 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51031 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10201 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10201
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ys4w-ngmr-mbh9 |
|
| 57 |
| url |
VCID-yxpy-5fmj-cbb7 |
| vulnerability_id |
VCID-yxpy-5fmj-cbb7 |
| summary |
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25729 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67069 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67106 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.6713 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67104 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67154 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67167 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67186 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67172 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67141 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67175 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67189 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67169 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25729 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-25729
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yxpy-5fmj-cbb7 |
|
| 58 |
| url |
VCID-zd7k-6rwb-qug5 |
| vulnerability_id |
VCID-zd7k-6rwb-qug5 |
| summary |
Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3882 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89347 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89292 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89298 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89311 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89313 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.8933 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89334 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89343 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.8934 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89336 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.8935 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3882 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-3882
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zd7k-6rwb-qug5 |
|
| 59 |
| url |
VCID-zu3w-apm5-8bdw |
| vulnerability_id |
VCID-zu3w-apm5-8bdw |
| summary |
Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10206 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32517 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32666 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32702 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32523 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.3257 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32596 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32598 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32561 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32533 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32548 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32516 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10206 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10206
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zu3w-apm5-8bdw |
|