| 0 |
| url |
VCID-11zt-rw3z-87gx |
| vulnerability_id |
VCID-11zt-rw3z-87gx |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7333 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58044 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5803 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.57943 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58027 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5805 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58025 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5808 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.581 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58077 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58056 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58087 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58064 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7333 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7333
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-11zt-rw3z-87gx |
|
| 1 |
| url |
VCID-1b3u-17mt-5qfe |
| vulnerability_id |
VCID-1b3u-17mt-5qfe |
| summary |
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-51482 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.48284 |
| scoring_system |
epss |
| scoring_elements |
0.97745 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.48284 |
| scoring_system |
epss |
| scoring_elements |
0.97744 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.48481 |
| scoring_system |
epss |
| scoring_elements |
0.97756 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.53071 |
| scoring_system |
epss |
| scoring_elements |
0.97949 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.53071 |
| scoring_system |
epss |
| scoring_elements |
0.97954 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.53071 |
| scoring_system |
epss |
| scoring_elements |
0.97945 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.53071 |
| scoring_system |
epss |
| scoring_elements |
0.97946 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.549 |
| scoring_system |
epss |
| scoring_elements |
0.98043 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.549 |
| scoring_system |
epss |
| scoring_elements |
0.98048 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.549 |
| scoring_system |
epss |
| scoring_elements |
0.98049 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.549 |
| scoring_system |
epss |
| scoring_elements |
0.98055 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-51482 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-51482
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1b3u-17mt-5qfe |
|
| 2 |
| url |
VCID-23ug-uzth-tybf |
| vulnerability_id |
VCID-23ug-uzth-tybf |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7352 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55761 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55744 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7352 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7352
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-23ug-uzth-tybf |
|
| 3 |
| url |
VCID-35hj-x1e2-eug1 |
| vulnerability_id |
VCID-35hj-x1e2-eug1 |
| summary |
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8428 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55805 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55787 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55707 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.5582 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55843 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55821 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55872 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55875 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55885 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55865 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55846 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55882 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55887 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.5586 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8428 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-8428
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-35hj-x1e2-eug1 |
|
| 4 |
| url |
VCID-3xuk-942c-kkbf |
| vulnerability_id |
VCID-3xuk-942c-kkbf |
| summary |
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-43359 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49525 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49546 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49518 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.4952 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49567 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49564 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49535 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49499 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49526 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49478 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49533 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49529 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-43359 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-43359
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3xuk-942c-kkbf |
|
| 5 |
| url |
VCID-3zrk-nztf-nqfd |
| vulnerability_id |
VCID-3zrk-nztf-nqfd |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7345 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46423 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46443 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46374 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46415 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46435 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46383 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46439 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46463 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46434 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46444 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46501 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46498 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7345 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7345
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3zrk-nztf-nqfd |
|
| 6 |
| url |
VCID-4mfm-zzrx-6ffb |
| vulnerability_id |
VCID-4mfm-zzrx-6ffb |
| summary |
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-43358 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01323 |
| scoring_system |
epss |
| scoring_elements |
0.79955 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.01323 |
| scoring_system |
epss |
| scoring_elements |
0.79912 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.01323 |
| scoring_system |
epss |
| scoring_elements |
0.79895 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.01323 |
| scoring_system |
epss |
| scoring_elements |
0.79888 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.01323 |
| scoring_system |
epss |
| scoring_elements |
0.79917 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.01323 |
| scoring_system |
epss |
| scoring_elements |
0.7992 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.01323 |
| scoring_system |
epss |
| scoring_elements |
0.79949 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.01323 |
| scoring_system |
epss |
| scoring_elements |
0.79847 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.01323 |
| scoring_system |
epss |
| scoring_elements |
0.79868 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.01323 |
| scoring_system |
epss |
| scoring_elements |
0.79856 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.01323 |
| scoring_system |
epss |
| scoring_elements |
0.79885 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.01323 |
| scoring_system |
epss |
| scoring_elements |
0.79892 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-43358 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-43358
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4mfm-zzrx-6ffb |
|
| 7 |
| url |
VCID-4qtk-7myx-vfcd |
| vulnerability_id |
VCID-4qtk-7myx-vfcd |
| summary |
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-26035 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.55722 |
| scoring_system |
epss |
| scoring_elements |
0.98074 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.55722 |
| scoring_system |
epss |
| scoring_elements |
0.98078 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.55722 |
| scoring_system |
epss |
| scoring_elements |
0.98079 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.55722 |
| scoring_system |
epss |
| scoring_elements |
0.98083 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.55722 |
| scoring_system |
epss |
| scoring_elements |
0.98084 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.55722 |
| scoring_system |
epss |
| scoring_elements |
0.98089 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.55722 |
| scoring_system |
epss |
| scoring_elements |
0.9809 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.55722 |
| scoring_system |
epss |
| scoring_elements |
0.98095 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.55722 |
| scoring_system |
epss |
| scoring_elements |
0.98097 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.55722 |
| scoring_system |
epss |
| scoring_elements |
0.98093 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-26035 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-26035
|
| risk_score |
1.0 |
| exploitability |
2.0 |
| weighted_severity |
0.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4qtk-7myx-vfcd |
|
| 8 |
| url |
VCID-4zbd-b8b7-tfa4 |
| vulnerability_id |
VCID-4zbd-b8b7-tfa4 |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7325 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55935 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55914 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55949 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.5597 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55948 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55999 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56002 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56013 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55993 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55975 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56011 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56014 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55988 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7325 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7325
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4zbd-b8b7-tfa4 |
|
| 9 |
| url |
VCID-578u-3ew5-qyh5 |
| vulnerability_id |
VCID-578u-3ew5-qyh5 |
| summary |
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0332 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96769 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96725 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96735 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96736 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96741 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96748 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96749 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96752 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96755 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96761 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96765 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96768 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.31131 |
| scoring_system |
epss |
| scoring_elements |
0.96767 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0332 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-0332
|
| risk_score |
9.0 |
| exploitability |
2.0 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-578u-3ew5-qyh5 |
|
| 10 |
| url |
VCID-5ba3-bxk1-pbht |
| vulnerability_id |
VCID-5ba3-bxk1-pbht |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7336 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55761 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55744 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7336 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7336
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5ba3-bxk1-pbht |
|
| 11 |
| url |
VCID-619e-k5cr-nyap |
| vulnerability_id |
VCID-619e-k5cr-nyap |
| summary |
Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3881 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51961 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51871 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51919 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51946 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.5191 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51964 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51963 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.52015 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51997 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51981 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.52023 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.52029 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.52009 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51955 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3881 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-3881
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-619e-k5cr-nyap |
|
| 12 |
| url |
VCID-643r-dxjk-63d2 |
| vulnerability_id |
VCID-643r-dxjk-63d2 |
| summary |
zoneminder: command injection, SQL injection and multiple XSS issues (CVE-2008-3882, CVE-2008-3880, CVE-2008-3881) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3880 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62118 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.61944 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62015 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62047 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62065 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62103 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62093 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62072 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62115 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.6212 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62104 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62101 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3880 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-3880
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-643r-dxjk-63d2 |
|
| 13 |
| url |
VCID-64wa-wgn6-nub8 |
| vulnerability_id |
VCID-64wa-wgn6-nub8 |
| summary |
ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-6756 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11464 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11591 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11645 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11434 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.1152 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11579 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.1159 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11555 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.1153 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11389 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11511 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11424 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-6756 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-6756
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-64wa-wgn6-nub8 |
|
| 14 |
| url |
VCID-694p-mbsg-e7f6 |
| vulnerability_id |
VCID-694p-mbsg-e7f6 |
| summary |
Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5367 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65556 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65604 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65634 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.656 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65652 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65664 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65684 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.6567 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65641 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65676 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65689 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65672 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65687 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65699 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5367 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-5367
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-694p-mbsg-e7f6 |
|
| 15 |
| url |
VCID-6mdb-h6fb-c7d6 |
| vulnerability_id |
VCID-6mdb-h6fb-c7d6 |
| summary |
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7342 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55664 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55647 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55561 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55673 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55695 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55674 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55725 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55728 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55737 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55717 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.557 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.5574 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55744 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55722 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7342 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7342
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6mdb-h6fb-c7d6 |
|
| 16 |
| url |
VCID-6xnz-k4kg-eqhd |
| vulnerability_id |
VCID-6xnz-k4kg-eqhd |
| summary |
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7343 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58044 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5803 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.57943 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58027 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5805 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58025 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5808 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.581 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58077 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58056 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58087 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58064 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7343 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7343
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6xnz-k4kg-eqhd |
|
| 17 |
| url |
VCID-7vc9-wfjb-t3ba |
| vulnerability_id |
VCID-7vc9-wfjb-t3ba |
| summary |
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the "view=log" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-39285 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01852 |
| scoring_system |
epss |
| scoring_elements |
0.83078 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.01852 |
| scoring_system |
epss |
| scoring_elements |
0.83006 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.01852 |
| scoring_system |
epss |
| scoring_elements |
0.83045 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.01852 |
| scoring_system |
epss |
| scoring_elements |
0.83044 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.01852 |
| scoring_system |
epss |
| scoring_elements |
0.83047 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.01852 |
| scoring_system |
epss |
| scoring_elements |
0.8307 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.01852 |
| scoring_system |
epss |
| scoring_elements |
0.82959 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.01852 |
| scoring_system |
epss |
| scoring_elements |
0.82972 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.01852 |
| scoring_system |
epss |
| scoring_elements |
0.82969 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.01852 |
| scoring_system |
epss |
| scoring_elements |
0.82994 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.01852 |
| scoring_system |
epss |
| scoring_elements |
0.83001 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.01852 |
| scoring_system |
epss |
| scoring_elements |
0.83017 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.01852 |
| scoring_system |
epss |
| scoring_elements |
0.83011 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-39285 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-39285
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7vc9-wfjb-t3ba |
|
| 18 |
| url |
VCID-7x1r-12y1-ekfk |
| vulnerability_id |
VCID-7x1r-12y1-ekfk |
| summary |
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7340 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58044 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5803 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.57943 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58027 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5805 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58025 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5808 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.581 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58077 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58056 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58087 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58064 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7340 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7340
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7x1r-12y1-ekfk |
|
| 19 |
| url |
VCID-7x51-uyq2-9qax |
| vulnerability_id |
VCID-7x51-uyq2-9qax |
| summary |
ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-41884 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58108 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58163 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.5814 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.5812 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58151 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58127 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58094 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58115 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.5809 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58144 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58148 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-41884 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-41884
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7x51-uyq2-9qax |
|
| 20 |
| url |
VCID-8uu9-g2r8-nyep |
| vulnerability_id |
VCID-8uu9-g2r8-nyep |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7331 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55935 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55914 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55949 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.5597 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55948 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55999 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56002 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56013 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55993 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55975 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56011 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56014 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55988 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7331 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7331
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8uu9-g2r8-nyep |
|
| 21 |
| url |
VCID-8vh1-pk4c-63hz |
| vulnerability_id |
VCID-8vh1-pk4c-63hz |
| summary |
A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6990 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.5051 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50501 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50438 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50495 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50522 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50475 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50529 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50526 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50567 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50544 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50573 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50577 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.0027 |
| scoring_system |
epss |
| scoring_elements |
0.50555 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6990 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-6990
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
4.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8vh1-pk4c-63hz |
|
| 22 |
| url |
VCID-95ub-6q5w-p3cm |
| vulnerability_id |
VCID-95ub-6q5w-p3cm |
| summary |
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-26039 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05839 |
| scoring_system |
epss |
| scoring_elements |
0.90572 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.05839 |
| scoring_system |
epss |
| scoring_elements |
0.90571 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.05839 |
| scoring_system |
epss |
| scoring_elements |
0.90504 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.05839 |
| scoring_system |
epss |
| scoring_elements |
0.90514 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.05839 |
| scoring_system |
epss |
| scoring_elements |
0.9052 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.05839 |
| scoring_system |
epss |
| scoring_elements |
0.90533 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.05839 |
| scoring_system |
epss |
| scoring_elements |
0.90539 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.05839 |
| scoring_system |
epss |
| scoring_elements |
0.90547 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.05839 |
| scoring_system |
epss |
| scoring_elements |
0.90541 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.05839 |
| scoring_system |
epss |
| scoring_elements |
0.90559 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.05839 |
| scoring_system |
epss |
| scoring_elements |
0.90558 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.05839 |
| scoring_system |
epss |
| scoring_elements |
0.90557 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-26039 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-26039
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-95ub-6q5w-p3cm |
|
| 23 |
| url |
VCID-9kh5-715y-pud4 |
| vulnerability_id |
VCID-9kh5-715y-pud4 |
| summary |
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-39290 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04003 |
| scoring_system |
epss |
| scoring_elements |
0.88464 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.04003 |
| scoring_system |
epss |
| scoring_elements |
0.88448 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.04003 |
| scoring_system |
epss |
| scoring_elements |
0.88445 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.04003 |
| scoring_system |
epss |
| scoring_elements |
0.88459 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.04003 |
| scoring_system |
epss |
| scoring_elements |
0.88392 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.04003 |
| scoring_system |
epss |
| scoring_elements |
0.88401 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.04003 |
| scoring_system |
epss |
| scoring_elements |
0.88405 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.04003 |
| scoring_system |
epss |
| scoring_elements |
0.88425 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.04003 |
| scoring_system |
epss |
| scoring_elements |
0.88431 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.04003 |
| scoring_system |
epss |
| scoring_elements |
0.88442 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.04003 |
| scoring_system |
epss |
| scoring_elements |
0.88434 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.04003 |
| scoring_system |
epss |
| scoring_elements |
0.88433 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-39290 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-39290
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
7.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9kh5-715y-pud4 |
|
| 24 |
| url |
VCID-9rr3-tdb4-1kdm |
| vulnerability_id |
VCID-9rr3-tdb4-1kdm |
| summary |
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1000832 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92151 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92158 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92164 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92167 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92179 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92182 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92187 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92188 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92184 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92194 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92196 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.92199 |
| published_at |
2026-04-24T12:55:00Z |
|
| 12 |
| value |
0.0816 |
| scoring_system |
epss |
| scoring_elements |
0.922 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1000832 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1000832
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9rr3-tdb4-1kdm |
|
| 25 |
| url |
VCID-aqfu-4m9a-hbd4 |
| vulnerability_id |
VCID-aqfu-4m9a-hbd4 |
| summary |
A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7203 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51706 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.517 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51622 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51673 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51698 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51659 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51713 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51709 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51758 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51736 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.5172 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51761 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51767 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51747 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7203 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-7203
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-aqfu-4m9a-hbd4 |
|
| 26 |
| url |
VCID-cccj-wgfh-3fg4 |
| vulnerability_id |
VCID-cccj-wgfh-3fg4 |
| summary |
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6777 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53885 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53874 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53799 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53819 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53846 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53871 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53868 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53916 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53899 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53883 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53921 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53926 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53907 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6777 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-6777
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cccj-wgfh-3fg4 |
|
| 27 |
| url |
VCID-ce64-m9xt-wkec |
| vulnerability_id |
VCID-ce64-m9xt-wkec |
| summary |
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-6755 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43099 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43158 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43185 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43123 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43176 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43189 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.4321 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43177 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43162 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43221 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43211 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43144 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43078 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.4308 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-6755 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-6755
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ce64-m9xt-wkec |
|
| 28 |
| url |
VCID-d117-rhnc-rkhf |
| vulnerability_id |
VCID-d117-rhnc-rkhf |
| summary |
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter[Query][terms][0][attr]` query string parameter of the `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-26034 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02063 |
| scoring_system |
epss |
| scoring_elements |
0.83973 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.02063 |
| scoring_system |
epss |
| scoring_elements |
0.8398 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.02063 |
| scoring_system |
epss |
| scoring_elements |
0.83947 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.02352 |
| scoring_system |
epss |
| scoring_elements |
0.84884 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.02352 |
| scoring_system |
epss |
| scoring_elements |
0.84891 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.02352 |
| scoring_system |
epss |
| scoring_elements |
0.84842 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.02352 |
| scoring_system |
epss |
| scoring_elements |
0.84908 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.02352 |
| scoring_system |
epss |
| scoring_elements |
0.84902 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.02352 |
| scoring_system |
epss |
| scoring_elements |
0.84924 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.02352 |
| scoring_system |
epss |
| scoring_elements |
0.84925 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.02352 |
| scoring_system |
epss |
| scoring_elements |
0.8491 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.02352 |
| scoring_system |
epss |
| scoring_elements |
0.8486 |
| published_at |
2026-04-04T12:55:00Z |
|
| 12 |
| value |
0.02352 |
| scoring_system |
epss |
| scoring_elements |
0.84861 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-26034 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-26034
|
| risk_score |
4.3 |
| exploitability |
0.5 |
| weighted_severity |
8.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d117-rhnc-rkhf |
|
| 29 |
| url |
VCID-dk87-j5dz-6bed |
| vulnerability_id |
VCID-dk87-j5dz-6bed |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7328 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58203 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58225 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58104 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58189 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58209 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58182 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58236 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58241 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58258 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58235 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58247 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.5825 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7328 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7328
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dk87-j5dz-6bed |
|
| 30 |
| url |
VCID-dp5c-4aaa-uyaq |
| vulnerability_id |
VCID-dp5c-4aaa-uyaq |
| summary |
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5595 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43164 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43221 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43249 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43188 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43239 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43251 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43273 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43241 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43225 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43286 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43275 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.4321 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43145 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00208 |
| scoring_system |
epss |
| scoring_elements |
0.43147 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5595 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-5595
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dp5c-4aaa-uyaq |
|
| 31 |
| url |
VCID-dpp2-3t2d-d3e4 |
| vulnerability_id |
VCID-dpp2-3t2d-d3e4 |
| summary |
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6991 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.90047 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.9003 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.89973 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.89975 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.89987 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.89993 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.90008 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.90014 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.90023 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.90022 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.90016 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.90031 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.05293 |
| scoring_system |
epss |
| scoring_elements |
0.90032 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6991 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-6991
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dpp2-3t2d-d3e4 |
|
| 32 |
| url |
VCID-dz5v-tqce-a7ew |
| vulnerability_id |
VCID-dz5v-tqce-a7ew |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7332 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58203 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58225 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58104 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58189 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58209 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58182 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58236 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58241 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58258 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58235 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58247 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.5825 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7332 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7332
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dz5v-tqce-a7ew |
|
| 33 |
| url |
VCID-edec-sj6n-n7d7 |
| vulnerability_id |
VCID-edec-sj6n-n7d7 |
| summary |
Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7335 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55761 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55744 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7335 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7335
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-edec-sj6n-n7d7 |
|
| 34 |
| url |
VCID-f9wt-f98j-ekeh |
| vulnerability_id |
VCID-f9wt-f98j-ekeh |
| summary |
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10202 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50914 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50968 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50993 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50951 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51008 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51004 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51047 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51026 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51009 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51046 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51053 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51031 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50978 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50986 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10202 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10202
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f9wt-f98j-ekeh |
|
| 35 |
| url |
VCID-fnhr-cs7k-gkeu |
| vulnerability_id |
VCID-fnhr-cs7k-gkeu |
| summary |
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7339 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55761 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55744 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7339 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7339
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fnhr-cs7k-gkeu |
|
| 36 |
| url |
VCID-fyy1-fwys-xkbj |
| vulnerability_id |
VCID-fyy1-fwys-xkbj |
| summary |
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however dentaintPath does not properly sandbox the path. This can be exploited by constructing paths like "..././", which get replaced by "../". This issue is patched in versions 1.36.33 and 1.37.33. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-26036 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00417 |
| scoring_system |
epss |
| scoring_elements |
0.61798 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00417 |
| scoring_system |
epss |
| scoring_elements |
0.6178 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00417 |
| scoring_system |
epss |
| scoring_elements |
0.61699 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00417 |
| scoring_system |
epss |
| scoring_elements |
0.61729 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00417 |
| scoring_system |
epss |
| scoring_elements |
0.617 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00417 |
| scoring_system |
epss |
| scoring_elements |
0.61749 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00417 |
| scoring_system |
epss |
| scoring_elements |
0.61764 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00417 |
| scoring_system |
epss |
| scoring_elements |
0.61786 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00417 |
| scoring_system |
epss |
| scoring_elements |
0.61773 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00417 |
| scoring_system |
epss |
| scoring_elements |
0.61754 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00417 |
| scoring_system |
epss |
| scoring_elements |
0.61796 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00417 |
| scoring_system |
epss |
| scoring_elements |
0.61802 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00417 |
| scoring_system |
epss |
| scoring_elements |
0.61785 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-26036 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-26036
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fyy1-fwys-xkbj |
|
| 37 |
| url |
VCID-g1r5-fbsj-n3dr |
| vulnerability_id |
VCID-g1r5-fbsj-n3dr |
| summary |
A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6992 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53901 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53889 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53814 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53833 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53861 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53835 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53887 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53885 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53932 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53914 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53898 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53936 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53942 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53922 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6992 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-6992
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g1r5-fbsj-n3dr |
|
| 38 |
| url |
VCID-hpah-sv5y-8bde |
| vulnerability_id |
VCID-hpah-sv5y-8bde |
| summary |
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-13072 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49438 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49466 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49493 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49446 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49501 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49496 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49513 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49485 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49488 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49534 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49533 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49503 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-13072 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-13072
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hpah-sv5y-8bde |
|
| 39 |
| url |
VCID-j283-1m9p-13hn |
| vulnerability_id |
VCID-j283-1m9p-13hn |
| summary |
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This is unescaped when viewing the logs in the web ui. This issue is patched in version 1.36.33. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-25825 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00297 |
| scoring_system |
epss |
| scoring_elements |
0.53051 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00297 |
| scoring_system |
epss |
| scoring_elements |
0.53082 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00297 |
| scoring_system |
epss |
| scoring_elements |
0.53066 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00297 |
| scoring_system |
epss |
| scoring_elements |
0.53049 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00297 |
| scoring_system |
epss |
| scoring_elements |
0.53087 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00297 |
| scoring_system |
epss |
| scoring_elements |
0.53094 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00297 |
| scoring_system |
epss |
| scoring_elements |
0.53076 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.00297 |
| scoring_system |
epss |
| scoring_elements |
0.53042 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.00297 |
| scoring_system |
epss |
| scoring_elements |
0.52996 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00297 |
| scoring_system |
epss |
| scoring_elements |
0.53021 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00297 |
| scoring_system |
epss |
| scoring_elements |
0.52988 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.00297 |
| scoring_system |
epss |
| scoring_elements |
0.53039 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.00297 |
| scoring_system |
epss |
| scoring_elements |
0.53032 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-25825 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-25825
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
6.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j283-1m9p-13hn |
|
| 40 |
| url |
VCID-jmdh-m4ty-gqch |
| vulnerability_id |
VCID-jmdh-m4ty-gqch |
| summary |
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7341 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58044 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5803 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.57943 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58027 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5805 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58025 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5808 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.581 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58077 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58056 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58087 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58064 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7341 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7341
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jmdh-m4ty-gqch |
|
| 41 |
| url |
VCID-jukn-h868-5ugm |
| vulnerability_id |
VCID-jukn-h868-5ugm |
| summary |
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the "/zm/index.php" endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-39291 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07382 |
| scoring_system |
epss |
| scoring_elements |
0.91745 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.07382 |
| scoring_system |
epss |
| scoring_elements |
0.91707 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.07382 |
| scoring_system |
epss |
| scoring_elements |
0.9172 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.07382 |
| scoring_system |
epss |
| scoring_elements |
0.91727 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.07382 |
| scoring_system |
epss |
| scoring_elements |
0.9173 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.07382 |
| scoring_system |
epss |
| scoring_elements |
0.91732 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.07382 |
| scoring_system |
epss |
| scoring_elements |
0.91748 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.07382 |
| scoring_system |
epss |
| scoring_elements |
0.91741 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.07382 |
| scoring_system |
epss |
| scoring_elements |
0.91742 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.07382 |
| scoring_system |
epss |
| scoring_elements |
0.91747 |
| published_at |
2026-04-24T12:55:00Z |
|
| 10 |
| value |
0.07382 |
| scoring_system |
epss |
| scoring_elements |
0.91694 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.07382 |
| scoring_system |
epss |
| scoring_elements |
0.91699 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-39291 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-39291
|
| risk_score |
9.8 |
| exploitability |
2.0 |
| weighted_severity |
4.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jukn-h868-5ugm |
|
| 42 |
| url |
VCID-kgpe-97pr-suee |
| vulnerability_id |
VCID-kgpe-97pr-suee |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7326 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55935 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55914 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55949 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.5597 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55948 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55999 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56002 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56013 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55993 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55975 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56011 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56014 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55988 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7326 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7326
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kgpe-97pr-suee |
|
| 43 |
| url |
VCID-kk5d-y2z8-r3g2 |
| vulnerability_id |
VCID-kk5d-y2z8-r3g2 |
| summary |
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-29806 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.77125 |
| scoring_system |
epss |
| scoring_elements |
0.9896 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.77125 |
| scoring_system |
epss |
| scoring_elements |
0.98962 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.77125 |
| scoring_system |
epss |
| scoring_elements |
0.98964 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.77125 |
| scoring_system |
epss |
| scoring_elements |
0.98966 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.77125 |
| scoring_system |
epss |
| scoring_elements |
0.98967 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.77125 |
| scoring_system |
epss |
| scoring_elements |
0.98968 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.77125 |
| scoring_system |
epss |
| scoring_elements |
0.9897 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.77125 |
| scoring_system |
epss |
| scoring_elements |
0.98971 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.77125 |
| scoring_system |
epss |
| scoring_elements |
0.98975 |
| published_at |
2026-04-24T12:55:00Z |
|
| 9 |
| value |
0.77125 |
| scoring_system |
epss |
| scoring_elements |
0.98977 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-29806 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-29806
|
| risk_score |
1.4 |
| exploitability |
2.0 |
| weighted_severity |
0.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kk5d-y2z8-r3g2 |
|
| 44 |
| url |
VCID-mdkd-vmcp-afa8 |
| vulnerability_id |
VCID-mdkd-vmcp-afa8 |
| summary |
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-43360 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.62094 |
| scoring_system |
epss |
| scoring_elements |
0.98339 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.62094 |
| scoring_system |
epss |
| scoring_elements |
0.98337 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.62094 |
| scoring_system |
epss |
| scoring_elements |
0.9835 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.62094 |
| scoring_system |
epss |
| scoring_elements |
0.98347 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.62094 |
| scoring_system |
epss |
| scoring_elements |
0.98341 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.63252 |
| scoring_system |
epss |
| scoring_elements |
0.98405 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.63252 |
| scoring_system |
epss |
| scoring_elements |
0.9841 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.63252 |
| scoring_system |
epss |
| scoring_elements |
0.98409 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.63252 |
| scoring_system |
epss |
| scoring_elements |
0.98407 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-43360 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-43360
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mdkd-vmcp-afa8 |
|
| 45 |
| url |
VCID-mk5h-586t-pyga |
| vulnerability_id |
VCID-mk5h-586t-pyga |
| summary |
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. This issue is patched in versions 1.36.33 and 1.37.33. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-26038 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48144 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48133 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48124 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48145 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48095 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48148 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48143 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48167 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.4814 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48151 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48203 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48198 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48154 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-26038 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-26038
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
4.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mk5h-586t-pyga |
|
| 46 |
| url |
VCID-mx9e-1cur-mqfz |
| vulnerability_id |
VCID-mx9e-1cur-mqfz |
| summary |
Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10140 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96951 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96958 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96963 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96966 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96974 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96975 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96978 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96979 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.9698 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96988 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96991 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96993 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96994 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.96996 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10140 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10140
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mx9e-1cur-mqfz |
|
| 47 |
| url |
VCID-myxu-h49e-77f1 |
| vulnerability_id |
VCID-myxu-h49e-77f1 |
| summary |
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-7464 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39391 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39553 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39576 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39491 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39546 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39562 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39572 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39534 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39517 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39567 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.3954 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39455 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39261 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00179 |
| scoring_system |
epss |
| scoring_elements |
0.39245 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-7464 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-7464
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-myxu-h49e-77f1 |
|
| 48 |
| url |
VCID-n8y3-5fb9-kucb |
| vulnerability_id |
VCID-n8y3-5fb9-kucb |
| summary |
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-26032 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72419 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.7241 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72287 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72306 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72283 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72322 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72334 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72357 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.7234 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72328 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.7237 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72379 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72367 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-26032 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-26032
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n8y3-5fb9-kucb |
|
| 49 |
| url |
VCID-p916-xnk3-rkce |
| vulnerability_id |
VCID-p916-xnk3-rkce |
| summary |
A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7347 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67445 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67434 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67313 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67349 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67372 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.6735 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67401 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67414 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67435 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67423 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67389 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67425 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67436 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7347 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7347
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p916-xnk3-rkce |
|
| 50 |
| url |
VCID-pr1z-g8aw-tqez |
| vulnerability_id |
VCID-pr1z-g8aw-tqez |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7329 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55916 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55896 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55817 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55929 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55951 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.5598 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55983 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55993 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55973 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55955 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55991 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55994 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55969 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7329 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7329
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pr1z-g8aw-tqez |
|
| 51 |
| url |
VCID-qb3h-yn1c-m3cx |
| vulnerability_id |
VCID-qb3h-yn1c-m3cx |
| summary |
zoneminder: command injection via unescaped php exec() calls |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1381 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.811 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81109 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81133 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81132 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.8116 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81166 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81185 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81171 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81165 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81202 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81203 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.812 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81223 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.8123 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1381 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-1381
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qb3h-yn1c-m3cx |
|
| 52 |
| url |
VCID-qcxm-vr2w-6ka7 |
| vulnerability_id |
VCID-qcxm-vr2w-6ka7 |
| summary |
Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2004-0227 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87403 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87413 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87427 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87428 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87446 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87453 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87465 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.8746 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87457 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87471 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87473 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87487 |
| published_at |
2026-04-24T12:55:00Z |
|
| 12 |
| value |
0.03422 |
| scoring_system |
epss |
| scoring_elements |
0.87494 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2004-0227 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2004-0227
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qcxm-vr2w-6ka7 |
|
| 53 |
| url |
VCID-qn8h-k43x-p7cs |
| vulnerability_id |
VCID-qn8h-k43x-p7cs |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7330 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58203 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58225 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58104 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58189 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58209 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58182 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58236 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58241 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58258 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58235 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58247 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.5825 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7330 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7330
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qn8h-k43x-p7cs |
|
| 54 |
| url |
VCID-qs2j-ektc-2kf9 |
| vulnerability_id |
VCID-qs2j-ektc-2kf9 |
| summary |
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8426 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.5592 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.559 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55821 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55933 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55955 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55984 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55987 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55997 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55977 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55959 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55995 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55998 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55973 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8426 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-8426
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qs2j-ektc-2kf9 |
|
| 55 |
| url |
VCID-qxmt-szsx-y7a8 |
| vulnerability_id |
VCID-qxmt-szsx-y7a8 |
| summary |
Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7338 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55761 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55744 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7338 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7338
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qxmt-szsx-y7a8 |
|
| 56 |
| url |
VCID-qxtk-taxx-1kde |
| vulnerability_id |
VCID-qxtk-taxx-1kde |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7348 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.5177 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.5182 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51688 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51738 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51764 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51725 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51779 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51776 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51826 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51805 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.5179 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51832 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51839 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7348 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7348
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qxtk-taxx-1kde |
|
| 57 |
| url |
VCID-r3pj-815v-uubu |
| vulnerability_id |
VCID-r3pj-815v-uubu |
| summary |
Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25730 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48846 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48815 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48837 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48776 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.4884 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48795 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48849 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48845 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48861 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48835 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48844 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48893 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.4889 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25730 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-25730
|
| risk_score |
3.7 |
| exploitability |
0.5 |
| weighted_severity |
7.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r3pj-815v-uubu |
|
| 58 |
| url |
VCID-r4zz-6j52-cue5 |
| vulnerability_id |
VCID-r4zz-6j52-cue5 |
| summary |
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10203 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55467 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55579 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55603 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55581 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55633 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55636 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55645 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55624 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55607 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55648 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55628 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55555 |
| published_at |
2026-04-24T12:55:00Z |
|
| 12 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55573 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10203 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10203
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r4zz-6j52-cue5 |
|
| 59 |
| url |
VCID-r751-csse-zuaq |
| vulnerability_id |
VCID-r751-csse-zuaq |
| summary |
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1000833 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83503 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83515 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83529 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.8353 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83554 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83563 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83578 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83572 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83568 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83602 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83603 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83627 |
| published_at |
2026-04-24T12:55:00Z |
|
| 12 |
| value |
0.01979 |
| scoring_system |
epss |
| scoring_elements |
0.83634 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1000833 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1000833
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r751-csse-zuaq |
|
| 60 |
| url |
VCID-rdyb-mgsn-gyb5 |
| vulnerability_id |
VCID-rdyb-mgsn-gyb5 |
| summary |
ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5368 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.4257 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42641 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42669 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.4261 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42661 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42673 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42696 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.4266 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42643 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42703 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42689 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42626 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.4255 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5368 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-5368
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rdyb-mgsn-gyb5 |
|
| 61 |
| url |
VCID-sdf7-gmgd-pkf8 |
| vulnerability_id |
VCID-sdf7-gmgd-pkf8 |
| summary |
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10205 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.72953 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.72965 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.72984 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.7296 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.72997 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.73011 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.73036 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.73015 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.73008 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.7305 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.7306 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.73052 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.73092 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.73103 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10205 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10205
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sdf7-gmgd-pkf8 |
|
| 62 |
| url |
VCID-t5fd-hvgs-sue7 |
| vulnerability_id |
VCID-t5fd-hvgs-sue7 |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7337 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55154 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55219 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55074 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55175 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55199 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55174 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55223 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55235 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55216 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55197 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55236 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55239 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7337 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7337
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t5fd-hvgs-sue7 |
|
| 63 |
| url |
VCID-tj5u-pm5u-4ug6 |
| vulnerability_id |
VCID-tj5u-pm5u-4ug6 |
| summary |
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0232 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99028 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99012 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99013 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99016 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99018 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99019 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.9902 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99022 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99024 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99025 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.7823 |
| scoring_system |
epss |
| scoring_elements |
0.99026 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-0232 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-0232
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tj5u-pm5u-4ug6 |
|
| 64 |
| url |
VCID-tyu6-8h17-8yh5 |
| vulnerability_id |
VCID-tyu6-8h17-8yh5 |
| summary |
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-26037 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72419 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.7241 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72287 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72306 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72283 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72322 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72334 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72357 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.7234 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72328 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.7237 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72379 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72367 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-26037 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-26037
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tyu6-8h17-8yh5 |
|
| 65 |
| url |
VCID-ug2b-2eg5-jfbb |
| vulnerability_id |
VCID-ug2b-2eg5-jfbb |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7349 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55761 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55744 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7349 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7349
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ug2b-2eg5-jfbb |
|
| 66 |
| url |
VCID-ukjs-5za3-xqdb |
| vulnerability_id |
VCID-ukjs-5za3-xqdb |
| summary |
Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7344 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55761 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55744 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7344 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7344
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ukjs-5za3-xqdb |
|
| 67 |
| url |
VCID-uybk-r4q9-gyac |
| vulnerability_id |
VCID-uybk-r4q9-gyac |
| summary |
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-39289 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58992 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58994 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58975 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.5901 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58947 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58969 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58936 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58987 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58993 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.59013 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-39289 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-39289
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uybk-r4q9-gyac |
|
| 68 |
| url |
VCID-v56x-raf9-kydq |
| vulnerability_id |
VCID-v56x-raf9-kydq |
| summary |
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8424 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55805 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55787 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55707 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.5582 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55843 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55821 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55872 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55875 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55885 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55865 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55846 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55882 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55887 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.5586 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8424 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-8424
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v56x-raf9-kydq |
|
| 69 |
| url |
VCID-w96c-3tde-d7b1 |
| vulnerability_id |
VCID-w96c-3tde-d7b1 |
| summary |
SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10204 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53376 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53389 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66729 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66702 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66751 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66766 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66785 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66663 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66743 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66777 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.6679 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66775 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66772 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66704 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10204 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10204
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w96c-3tde-d7b1 |
|
| 70 |
| url |
VCID-wdng-puzu-5kah |
| vulnerability_id |
VCID-wdng-puzu-5kah |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7327 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58203 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58225 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58104 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58189 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58209 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58182 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58236 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58241 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58258 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58235 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58247 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.5825 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7327 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7327
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wdng-puzu-5kah |
|
| 71 |
| url |
VCID-xj45-xv47-ruhe |
| vulnerability_id |
VCID-xj45-xv47-ruhe |
| summary |
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7346 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.38926 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.38945 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39065 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.3925 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39273 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39192 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39247 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39263 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39274 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39236 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39218 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39271 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39241 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39153 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7346 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7346
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xj45-xv47-ruhe |
|
| 72 |
| url |
VCID-y3vt-x7b1-4yer |
| vulnerability_id |
VCID-y3vt-x7b1-4yer |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7334 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55761 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55744 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7334 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7334
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y3vt-x7b1-4yer |
|
| 73 |
| url |
VCID-ys4w-ngmr-mbh9 |
| vulnerability_id |
VCID-ys4w-ngmr-mbh9 |
| summary |
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10201 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50914 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50968 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50993 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50951 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51008 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51004 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51047 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51026 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51009 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51046 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51053 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.51031 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50978 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00275 |
| scoring_system |
epss |
| scoring_elements |
0.50986 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10201 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10201
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ys4w-ngmr-mbh9 |
|
| 74 |
| url |
VCID-yxpy-5fmj-cbb7 |
| vulnerability_id |
VCID-yxpy-5fmj-cbb7 |
| summary |
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25729 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67069 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67106 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.6713 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67104 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67154 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67167 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67186 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67172 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67141 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67175 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67189 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67169 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.6719 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00528 |
| scoring_system |
epss |
| scoring_elements |
0.67202 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25729 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-25729
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yxpy-5fmj-cbb7 |
|
| 75 |
| url |
VCID-zd7k-6rwb-qug5 |
| vulnerability_id |
VCID-zd7k-6rwb-qug5 |
| summary |
Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3882 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89369 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89292 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89298 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89311 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89313 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.8933 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89334 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89343 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.8934 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89336 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.8935 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89347 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.0468 |
| scoring_system |
epss |
| scoring_elements |
0.89364 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3882 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-3882
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zd7k-6rwb-qug5 |
|
| 76 |
| url |
VCID-zu3w-apm5-8bdw |
| vulnerability_id |
VCID-zu3w-apm5-8bdw |
| summary |
Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10206 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32517 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32666 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32702 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32523 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.3257 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32596 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32598 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32561 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32533 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32548 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32516 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32347 |
| published_at |
2026-04-24T12:55:00Z |
|
| 12 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32231 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10206 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10206
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zu3w-apm5-8bdw |
|