Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
Typedeb
Namespacedebian
Namezoneminder
Version1.36.33+dfsg1-1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.36.35+dfsg1-1
Latest_non_vulnerable_version1.36.35+dfsg1-1
Affected_by_vulnerabilities
0
url VCID-3xuk-942c-kkbf
vulnerability_id VCID-3xuk-942c-kkbf
summary ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43359
reference_id
reference_type
scores
0
value 0.00262
scoring_system epss
scoring_elements 0.4949
published_at 2026-04-29T12:55:00Z
1
value 0.00262
scoring_system epss
scoring_elements 0.49518
published_at 2026-04-12T12:55:00Z
2
value 0.00262
scoring_system epss
scoring_elements 0.4952
published_at 2026-04-13T12:55:00Z
3
value 0.00262
scoring_system epss
scoring_elements 0.49567
published_at 2026-04-16T12:55:00Z
4
value 0.00262
scoring_system epss
scoring_elements 0.49564
published_at 2026-04-18T12:55:00Z
5
value 0.00262
scoring_system epss
scoring_elements 0.49535
published_at 2026-04-26T12:55:00Z
6
value 0.00262
scoring_system epss
scoring_elements 0.49525
published_at 2026-04-24T12:55:00Z
7
value 0.00262
scoring_system epss
scoring_elements 0.49499
published_at 2026-04-02T12:55:00Z
8
value 0.00262
scoring_system epss
scoring_elements 0.49526
published_at 2026-04-04T12:55:00Z
9
value 0.00262
scoring_system epss
scoring_elements 0.49478
published_at 2026-04-07T12:55:00Z
10
value 0.00262
scoring_system epss
scoring_elements 0.49533
published_at 2026-04-08T12:55:00Z
11
value 0.00262
scoring_system epss
scoring_elements 0.49529
published_at 2026-04-09T12:55:00Z
12
value 0.00262
scoring_system epss
scoring_elements 0.49546
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43359
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43359
2
reference_url https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af
reference_id 6cc64dddff6144a98680f65ecf8dc249028431af
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:03:34Z/
url https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af
3
reference_url https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2
reference_id b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:03:34Z/
url https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2
4
reference_url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8
reference_id GHSA-pjjm-3qxp-6hj8
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:03:34Z/
url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1
aliases CVE-2024-43359
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xuk-942c-kkbf
1
url VCID-4mfm-zzrx-6ffb
vulnerability_id VCID-4mfm-zzrx-6ffb
summary ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43358
reference_id
reference_type
scores
0
value 0.01323
scoring_system epss
scoring_elements 0.79972
published_at 2026-04-29T12:55:00Z
1
value 0.01323
scoring_system epss
scoring_elements 0.79895
published_at 2026-04-12T12:55:00Z
2
value 0.01323
scoring_system epss
scoring_elements 0.79888
published_at 2026-04-13T12:55:00Z
3
value 0.01323
scoring_system epss
scoring_elements 0.79917
published_at 2026-04-18T12:55:00Z
4
value 0.01323
scoring_system epss
scoring_elements 0.7992
published_at 2026-04-21T12:55:00Z
5
value 0.01323
scoring_system epss
scoring_elements 0.79949
published_at 2026-04-24T12:55:00Z
6
value 0.01323
scoring_system epss
scoring_elements 0.79955
published_at 2026-04-26T12:55:00Z
7
value 0.01323
scoring_system epss
scoring_elements 0.79847
published_at 2026-04-02T12:55:00Z
8
value 0.01323
scoring_system epss
scoring_elements 0.79868
published_at 2026-04-04T12:55:00Z
9
value 0.01323
scoring_system epss
scoring_elements 0.79856
published_at 2026-04-07T12:55:00Z
10
value 0.01323
scoring_system epss
scoring_elements 0.79885
published_at 2026-04-08T12:55:00Z
11
value 0.01323
scoring_system epss
scoring_elements 0.79892
published_at 2026-04-09T12:55:00Z
12
value 0.01323
scoring_system epss
scoring_elements 0.79912
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43358
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43358
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43358
2
reference_url https://github.com/ZoneMinder/zoneminder/commit/062cf568a33fb6a8604ec327b1de8bb2e0d1ff77
reference_id 062cf568a33fb6a8604ec327b1de8bb2e0d1ff77
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T13:39:31Z/
url https://github.com/ZoneMinder/zoneminder/commit/062cf568a33fb6a8604ec327b1de8bb2e0d1ff77
3
reference_url https://github.com/ZoneMinder/zoneminder/commit/4602cd0470a3b90b18bcc44b3c86d963872d1ba0
reference_id 4602cd0470a3b90b18bcc44b3c86d963872d1ba0
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T13:39:31Z/
url https://github.com/ZoneMinder/zoneminder/commit/4602cd0470a3b90b18bcc44b3c86d963872d1ba0
4
reference_url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6rrw-66rf-6g5f
reference_id GHSA-6rrw-66rf-6g5f
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T13:39:31Z/
url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6rrw-66rf-6g5f
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1
aliases CVE-2024-43358
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4mfm-zzrx-6ffb
2
url VCID-7x51-uyq2-9qax
vulnerability_id VCID-7x51-uyq2-9qax
summary ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41884
reference_id
reference_type
scores
0
value 0.00359
scoring_system epss
scoring_elements 0.58093
published_at 2026-04-29T12:55:00Z
1
value 0.00359
scoring_system epss
scoring_elements 0.5814
published_at 2026-04-12T12:55:00Z
2
value 0.00359
scoring_system epss
scoring_elements 0.5812
published_at 2026-04-13T12:55:00Z
3
value 0.00359
scoring_system epss
scoring_elements 0.58151
published_at 2026-04-18T12:55:00Z
4
value 0.00359
scoring_system epss
scoring_elements 0.58127
published_at 2026-04-21T12:55:00Z
5
value 0.00359
scoring_system epss
scoring_elements 0.58108
published_at 2026-04-26T12:55:00Z
6
value 0.00359
scoring_system epss
scoring_elements 0.58094
published_at 2026-04-24T12:55:00Z
7
value 0.00359
scoring_system epss
scoring_elements 0.58115
published_at 2026-04-04T12:55:00Z
8
value 0.00359
scoring_system epss
scoring_elements 0.5809
published_at 2026-04-07T12:55:00Z
9
value 0.00359
scoring_system epss
scoring_elements 0.58144
published_at 2026-04-08T12:55:00Z
10
value 0.00359
scoring_system epss
scoring_elements 0.58148
published_at 2026-04-09T12:55:00Z
11
value 0.00359
scoring_system epss
scoring_elements 0.58163
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41884
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41884
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41884
2
reference_url https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a
reference_id 677f6a31551f128554f7b0110a52fd76453a657a
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:33:59Z/
url https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a
3
reference_url https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6
reference_id a194fe81d34c5eea2ab1dc18dc8df615fca634a6
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:33:59Z/
url https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6
4
reference_url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96
reference_id GHSA-2qp3-fwpv-mc96
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:33:59Z/
url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1
aliases CVE-2023-41884
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7x51-uyq2-9qax
3
url VCID-mdkd-vmcp-afa8
vulnerability_id VCID-mdkd-vmcp-afa8
summary ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43360
reference_id
reference_type
scores
0
value 0.62094
scoring_system epss
scoring_elements 0.98339
published_at 2026-04-04T12:55:00Z
1
value 0.62094
scoring_system epss
scoring_elements 0.98337
published_at 2026-04-02T12:55:00Z
2
value 0.62094
scoring_system epss
scoring_elements 0.9835
published_at 2026-04-13T12:55:00Z
3
value 0.62094
scoring_system epss
scoring_elements 0.98347
published_at 2026-04-09T12:55:00Z
4
value 0.62094
scoring_system epss
scoring_elements 0.98341
published_at 2026-04-07T12:55:00Z
5
value 0.63252
scoring_system epss
scoring_elements 0.98405
published_at 2026-04-21T12:55:00Z
6
value 0.63252
scoring_system epss
scoring_elements 0.9841
published_at 2026-04-29T12:55:00Z
7
value 0.63252
scoring_system epss
scoring_elements 0.98409
published_at 2026-04-24T12:55:00Z
8
value 0.63252
scoring_system epss
scoring_elements 0.98407
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43360
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43360
2
reference_url https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a
reference_id 677f6a31551f128554f7b0110a52fd76453a657a
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/
url https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a
3
reference_url https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6
reference_id a194fe81d34c5eea2ab1dc18dc8df615fca634a6
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/
url https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6
4
reference_url https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397
reference_id bb07118118e23b5670c2c18be8be2cc6b8529397
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/
url https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397
5
reference_url https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5
reference_id de8f387207e9c506e8e8007eda725741a25601c5
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/
url https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5
6
reference_url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj
reference_id GHSA-9cmr-7437-v9fj
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/
url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1
aliases CVE-2024-43360
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mdkd-vmcp-afa8
Fixing_vulnerabilities
0
url VCID-4qtk-7myx-vfcd
vulnerability_id VCID-4qtk-7myx-vfcd
summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26035
reference_id
reference_type
scores
0
value 0.55722
scoring_system epss
scoring_elements 0.98074
published_at 2026-04-02T12:55:00Z
1
value 0.55722
scoring_system epss
scoring_elements 0.98078
published_at 2026-04-04T12:55:00Z
2
value 0.55722
scoring_system epss
scoring_elements 0.98079
published_at 2026-04-07T12:55:00Z
3
value 0.55722
scoring_system epss
scoring_elements 0.98083
published_at 2026-04-08T12:55:00Z
4
value 0.55722
scoring_system epss
scoring_elements 0.98084
published_at 2026-04-09T12:55:00Z
5
value 0.55722
scoring_system epss
scoring_elements 0.98089
published_at 2026-04-12T12:55:00Z
6
value 0.55722
scoring_system epss
scoring_elements 0.9809
published_at 2026-04-13T12:55:00Z
7
value 0.55722
scoring_system epss
scoring_elements 0.98095
published_at 2026-04-26T12:55:00Z
8
value 0.55722
scoring_system epss
scoring_elements 0.98097
published_at 2026-04-29T12:55:00Z
9
value 0.55722
scoring_system epss
scoring_elements 0.98093
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26035
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26035
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26035
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xuk-942c-kkbf
1
vulnerability VCID-4mfm-zzrx-6ffb
2
vulnerability VCID-7x51-uyq2-9qax
3
vulnerability VCID-mdkd-vmcp-afa8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1
aliases CVE-2023-26035
risk_score 1.0
exploitability 2.0
weighted_severity 0.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4qtk-7myx-vfcd
1
url VCID-7vc9-wfjb-t3ba
vulnerability_id VCID-7vc9-wfjb-t3ba
summary ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the "view=log" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39285
reference_id
reference_type
scores
0
value 0.01852
scoring_system epss
scoring_elements 0.83085
published_at 2026-04-29T12:55:00Z
1
value 0.01852
scoring_system epss
scoring_elements 0.83045
published_at 2026-04-16T12:55:00Z
2
value 0.01852
scoring_system epss
scoring_elements 0.83044
published_at 2026-04-18T12:55:00Z
3
value 0.01852
scoring_system epss
scoring_elements 0.83047
published_at 2026-04-21T12:55:00Z
4
value 0.01852
scoring_system epss
scoring_elements 0.8307
published_at 2026-04-24T12:55:00Z
5
value 0.01852
scoring_system epss
scoring_elements 0.83078
published_at 2026-04-26T12:55:00Z
6
value 0.01852
scoring_system epss
scoring_elements 0.82959
published_at 2026-04-02T12:55:00Z
7
value 0.01852
scoring_system epss
scoring_elements 0.82972
published_at 2026-04-04T12:55:00Z
8
value 0.01852
scoring_system epss
scoring_elements 0.82969
published_at 2026-04-07T12:55:00Z
9
value 0.01852
scoring_system epss
scoring_elements 0.82994
published_at 2026-04-08T12:55:00Z
10
value 0.01852
scoring_system epss
scoring_elements 0.83001
published_at 2026-04-09T12:55:00Z
11
value 0.01852
scoring_system epss
scoring_elements 0.83017
published_at 2026-04-11T12:55:00Z
12
value 0.01852
scoring_system epss
scoring_elements 0.83011
published_at 2026-04-12T12:55:00Z
13
value 0.01852
scoring_system epss
scoring_elements 0.83006
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39285
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39285
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565
reference_id 1021565
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565
3
reference_url https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d
reference_id c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/
url https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d
4
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51071.py
reference_id CVE-2022-39291;CVE-2022-39290;CVE-2022-39285
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51071.py
5
reference_url https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59
reference_id d289eb48601a76e34feea3c1683955337b1fae59
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/
url https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59
6
reference_url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433
reference_id GHSA-h6xp-cvwv-q433
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/
url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433
7
reference_url http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html
reference_id Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/
url http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xuk-942c-kkbf
1
vulnerability VCID-4mfm-zzrx-6ffb
2
vulnerability VCID-7x51-uyq2-9qax
3
vulnerability VCID-mdkd-vmcp-afa8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1
aliases CVE-2022-39285
risk_score 10.0
exploitability 2.0
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7vc9-wfjb-t3ba
2
url VCID-95ub-6q5w-p3cm
vulnerability_id VCID-95ub-6q5w-p3cm
summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26039
reference_id
reference_type
scores
0
value 0.05839
scoring_system epss
scoring_elements 0.90568
published_at 2026-04-29T12:55:00Z
1
value 0.05839
scoring_system epss
scoring_elements 0.90572
published_at 2026-04-26T12:55:00Z
2
value 0.05839
scoring_system epss
scoring_elements 0.90504
published_at 2026-04-02T12:55:00Z
3
value 0.05839
scoring_system epss
scoring_elements 0.90514
published_at 2026-04-04T12:55:00Z
4
value 0.05839
scoring_system epss
scoring_elements 0.9052
published_at 2026-04-07T12:55:00Z
5
value 0.05839
scoring_system epss
scoring_elements 0.90533
published_at 2026-04-08T12:55:00Z
6
value 0.05839
scoring_system epss
scoring_elements 0.90539
published_at 2026-04-09T12:55:00Z
7
value 0.05839
scoring_system epss
scoring_elements 0.90547
published_at 2026-04-12T12:55:00Z
8
value 0.05839
scoring_system epss
scoring_elements 0.90541
published_at 2026-04-13T12:55:00Z
9
value 0.05839
scoring_system epss
scoring_elements 0.90559
published_at 2026-04-16T12:55:00Z
10
value 0.05839
scoring_system epss
scoring_elements 0.90558
published_at 2026-04-18T12:55:00Z
11
value 0.05839
scoring_system epss
scoring_elements 0.90557
published_at 2026-04-21T12:55:00Z
12
value 0.05839
scoring_system epss
scoring_elements 0.90571
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26039
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26039
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26039
2
reference_url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g
reference_id GHSA-44q8-h2pw-cc9g
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:56:57Z/
url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xuk-942c-kkbf
1
vulnerability VCID-4mfm-zzrx-6ffb
2
vulnerability VCID-7x51-uyq2-9qax
3
vulnerability VCID-mdkd-vmcp-afa8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1
aliases CVE-2023-26039
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95ub-6q5w-p3cm
3
url VCID-9kh5-715y-pud4
vulnerability_id VCID-9kh5-715y-pud4
summary ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39290
reference_id
reference_type
scores
0
value 0.04003
scoring_system epss
scoring_elements 0.88464
published_at 2026-04-29T12:55:00Z
1
value 0.04003
scoring_system epss
scoring_elements 0.88448
published_at 2026-04-16T12:55:00Z
2
value 0.04003
scoring_system epss
scoring_elements 0.88445
published_at 2026-04-18T12:55:00Z
3
value 0.04003
scoring_system epss
scoring_elements 0.88459
published_at 2026-04-24T12:55:00Z
4
value 0.04003
scoring_system epss
scoring_elements 0.88392
published_at 2026-04-02T12:55:00Z
5
value 0.04003
scoring_system epss
scoring_elements 0.88401
published_at 2026-04-04T12:55:00Z
6
value 0.04003
scoring_system epss
scoring_elements 0.88405
published_at 2026-04-07T12:55:00Z
7
value 0.04003
scoring_system epss
scoring_elements 0.88425
published_at 2026-04-08T12:55:00Z
8
value 0.04003
scoring_system epss
scoring_elements 0.88431
published_at 2026-04-09T12:55:00Z
9
value 0.04003
scoring_system epss
scoring_elements 0.88442
published_at 2026-04-21T12:55:00Z
10
value 0.04003
scoring_system epss
scoring_elements 0.88434
published_at 2026-04-12T12:55:00Z
11
value 0.04003
scoring_system epss
scoring_elements 0.88433
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39290
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39290
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39290
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565
reference_id 1021565
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565
3
reference_url https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d
reference_id c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:55Z/
url https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d
4
reference_url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q
reference_id GHSA-xgv6-qv6c-399q
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:55Z/
url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q
5
reference_url http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html
reference_id Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:55Z/
url http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xuk-942c-kkbf
1
vulnerability VCID-4mfm-zzrx-6ffb
2
vulnerability VCID-7x51-uyq2-9qax
3
vulnerability VCID-mdkd-vmcp-afa8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1
aliases CVE-2022-39290
risk_score 10.0
exploitability 2.0
weighted_severity 7.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kh5-715y-pud4
4
url VCID-d117-rhnc-rkhf
vulnerability_id VCID-d117-rhnc-rkhf
summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter[Query][terms][0][attr]` query string parameter of the `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26034
reference_id
reference_type
scores
0
value 0.02063
scoring_system epss
scoring_elements 0.8398
published_at 2026-04-26T12:55:00Z
1
value 0.02063
scoring_system epss
scoring_elements 0.83985
published_at 2026-04-29T12:55:00Z
2
value 0.02063
scoring_system epss
scoring_elements 0.83947
published_at 2026-04-21T12:55:00Z
3
value 0.02063
scoring_system epss
scoring_elements 0.83973
published_at 2026-04-24T12:55:00Z
4
value 0.02352
scoring_system epss
scoring_elements 0.84891
published_at 2026-04-09T12:55:00Z
5
value 0.02352
scoring_system epss
scoring_elements 0.8491
published_at 2026-04-11T12:55:00Z
6
value 0.02352
scoring_system epss
scoring_elements 0.84842
published_at 2026-04-02T12:55:00Z
7
value 0.02352
scoring_system epss
scoring_elements 0.84902
published_at 2026-04-13T12:55:00Z
8
value 0.02352
scoring_system epss
scoring_elements 0.84924
published_at 2026-04-16T12:55:00Z
9
value 0.02352
scoring_system epss
scoring_elements 0.84925
published_at 2026-04-18T12:55:00Z
10
value 0.02352
scoring_system epss
scoring_elements 0.84908
published_at 2026-04-12T12:55:00Z
11
value 0.02352
scoring_system epss
scoring_elements 0.8486
published_at 2026-04-04T12:55:00Z
12
value 0.02352
scoring_system epss
scoring_elements 0.84861
published_at 2026-04-07T12:55:00Z
13
value 0.02352
scoring_system epss
scoring_elements 0.84884
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26034
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26034
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26034
2
reference_url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-222j-wh8m-xjrx
reference_id GHSA-222j-wh8m-xjrx
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:00:55Z/
url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-222j-wh8m-xjrx
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xuk-942c-kkbf
1
vulnerability VCID-4mfm-zzrx-6ffb
2
vulnerability VCID-7x51-uyq2-9qax
3
vulnerability VCID-mdkd-vmcp-afa8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1
aliases CVE-2023-26034
risk_score 4.3
exploitability 0.5
weighted_severity 8.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d117-rhnc-rkhf
5
url VCID-fyy1-fwys-xkbj
vulnerability_id VCID-fyy1-fwys-xkbj
summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however dentaintPath does not properly sandbox the path. This can be exploited by constructing paths like "..././", which get replaced by "../". This issue is patched in versions 1.36.33 and 1.37.33.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26036
reference_id
reference_type
scores
0
value 0.00417
scoring_system epss
scoring_elements 0.61791
published_at 2026-04-29T12:55:00Z
1
value 0.00417
scoring_system epss
scoring_elements 0.61798
published_at 2026-04-26T12:55:00Z
2
value 0.00417
scoring_system epss
scoring_elements 0.61699
published_at 2026-04-02T12:55:00Z
3
value 0.00417
scoring_system epss
scoring_elements 0.61729
published_at 2026-04-04T12:55:00Z
4
value 0.00417
scoring_system epss
scoring_elements 0.617
published_at 2026-04-07T12:55:00Z
5
value 0.00417
scoring_system epss
scoring_elements 0.61749
published_at 2026-04-08T12:55:00Z
6
value 0.00417
scoring_system epss
scoring_elements 0.61764
published_at 2026-04-09T12:55:00Z
7
value 0.00417
scoring_system epss
scoring_elements 0.61786
published_at 2026-04-11T12:55:00Z
8
value 0.00417
scoring_system epss
scoring_elements 0.61773
published_at 2026-04-12T12:55:00Z
9
value 0.00417
scoring_system epss
scoring_elements 0.61754
published_at 2026-04-13T12:55:00Z
10
value 0.00417
scoring_system epss
scoring_elements 0.61796
published_at 2026-04-16T12:55:00Z
11
value 0.00417
scoring_system epss
scoring_elements 0.61802
published_at 2026-04-18T12:55:00Z
12
value 0.00417
scoring_system epss
scoring_elements 0.61785
published_at 2026-04-21T12:55:00Z
13
value 0.00417
scoring_system epss
scoring_elements 0.6178
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26036
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26036
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26036
2
reference_url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h5m9-6jjc-cgmw
reference_id GHSA-h5m9-6jjc-cgmw
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:00:52Z/
url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h5m9-6jjc-cgmw
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xuk-942c-kkbf
1
vulnerability VCID-4mfm-zzrx-6ffb
2
vulnerability VCID-7x51-uyq2-9qax
3
vulnerability VCID-mdkd-vmcp-afa8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1
aliases CVE-2023-26036
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fyy1-fwys-xkbj
6
url VCID-j283-1m9p-13hn
vulnerability_id VCID-j283-1m9p-13hn
summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This is unescaped when viewing the logs in the web ui. This issue is patched in version 1.36.33.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25825
reference_id
reference_type
scores
0
value 0.00297
scoring_system epss
scoring_elements 0.53012
published_at 2026-04-29T12:55:00Z
1
value 0.00297
scoring_system epss
scoring_elements 0.53066
published_at 2026-04-12T12:55:00Z
2
value 0.00297
scoring_system epss
scoring_elements 0.53049
published_at 2026-04-13T12:55:00Z
3
value 0.00297
scoring_system epss
scoring_elements 0.53087
published_at 2026-04-16T12:55:00Z
4
value 0.00297
scoring_system epss
scoring_elements 0.53094
published_at 2026-04-18T12:55:00Z
5
value 0.00297
scoring_system epss
scoring_elements 0.53076
published_at 2026-04-21T12:55:00Z
6
value 0.00297
scoring_system epss
scoring_elements 0.53042
published_at 2026-04-24T12:55:00Z
7
value 0.00297
scoring_system epss
scoring_elements 0.53051
published_at 2026-04-26T12:55:00Z
8
value 0.00297
scoring_system epss
scoring_elements 0.52996
published_at 2026-04-02T12:55:00Z
9
value 0.00297
scoring_system epss
scoring_elements 0.53021
published_at 2026-04-04T12:55:00Z
10
value 0.00297
scoring_system epss
scoring_elements 0.52988
published_at 2026-04-07T12:55:00Z
11
value 0.00297
scoring_system epss
scoring_elements 0.53039
published_at 2026-04-08T12:55:00Z
12
value 0.00297
scoring_system epss
scoring_elements 0.53032
published_at 2026-04-09T12:55:00Z
13
value 0.00297
scoring_system epss
scoring_elements 0.53082
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25825
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25825
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25825
2
reference_url https://github.com/ZoneMinder/zoneminder/commit/4637eaf9ea530193e0897ec48899f5638bdd6d81
reference_id 4637eaf9ea530193e0897ec48899f5638bdd6d81
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/
url https://github.com/ZoneMinder/zoneminder/commit/4637eaf9ea530193e0897ec48899f5638bdd6d81
3
reference_url https://github.com/ZoneMinder/zoneminder/commit/57bf25d39f12d620693f26068b8441b4f3f0b6c0
reference_id 57bf25d39f12d620693f26068b8441b4f3f0b6c0
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/
url https://github.com/ZoneMinder/zoneminder/commit/57bf25d39f12d620693f26068b8441b4f3f0b6c0
4
reference_url https://github.com/ZoneMinder/zoneminder/commit/e1028c1d7f23cc1e0941b7b37bb6ae5a04364308
reference_id e1028c1d7f23cc1e0941b7b37bb6ae5a04364308
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/
url https://github.com/ZoneMinder/zoneminder/commit/e1028c1d7f23cc1e0941b7b37bb6ae5a04364308
5
reference_url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-68vf-g4qm-jr6v
reference_id GHSA-68vf-g4qm-jr6v
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/
url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-68vf-g4qm-jr6v
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xuk-942c-kkbf
1
vulnerability VCID-4mfm-zzrx-6ffb
2
vulnerability VCID-7x51-uyq2-9qax
3
vulnerability VCID-mdkd-vmcp-afa8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1
aliases CVE-2023-25825
risk_score 3.5
exploitability 0.5
weighted_severity 6.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j283-1m9p-13hn
7
url VCID-jukn-h868-5ugm
vulnerability_id VCID-jukn-h868-5ugm
summary ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the "/zm/index.php" endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39291
reference_id
reference_type
scores
0
value 0.07382
scoring_system epss
scoring_elements 0.91743
published_at 2026-04-29T12:55:00Z
1
value 0.07382
scoring_system epss
scoring_elements 0.9172
published_at 2026-04-08T12:55:00Z
2
value 0.07382
scoring_system epss
scoring_elements 0.91727
published_at 2026-04-13T12:55:00Z
3
value 0.07382
scoring_system epss
scoring_elements 0.9173
published_at 2026-04-11T12:55:00Z
4
value 0.07382
scoring_system epss
scoring_elements 0.91732
published_at 2026-04-12T12:55:00Z
5
value 0.07382
scoring_system epss
scoring_elements 0.91748
published_at 2026-04-16T12:55:00Z
6
value 0.07382
scoring_system epss
scoring_elements 0.91741
published_at 2026-04-18T12:55:00Z
7
value 0.07382
scoring_system epss
scoring_elements 0.91742
published_at 2026-04-21T12:55:00Z
8
value 0.07382
scoring_system epss
scoring_elements 0.91747
published_at 2026-04-24T12:55:00Z
9
value 0.07382
scoring_system epss
scoring_elements 0.91745
published_at 2026-04-26T12:55:00Z
10
value 0.07382
scoring_system epss
scoring_elements 0.91694
published_at 2026-04-02T12:55:00Z
11
value 0.07382
scoring_system epss
scoring_elements 0.91699
published_at 2026-04-04T12:55:00Z
12
value 0.07382
scoring_system epss
scoring_elements 0.91707
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39291
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39291
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39291
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565
reference_id 1021565
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565
3
reference_url https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
reference_id 34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/
url https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
4
reference_url https://github.com/ZoneMinder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c
reference_id 73d9f2482cdcb238506388798d3cf92546f9e40c
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/
url https://github.com/ZoneMinder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c
5
reference_url https://github.com/ZoneMinder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b
reference_id cb3fc5907da21a5111ae54128a5d0b49ae755e9b
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/
url https://github.com/ZoneMinder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b
6
reference_url https://github.com/ZoneMinder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408
reference_id de2866f9574a2bf2690276fad53c91d607825408
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/
url https://github.com/ZoneMinder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408
7
reference_url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74
reference_id GHSA-cfcx-v52x-jh74
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/
url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74
8
reference_url http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html
reference_id Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/
url http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xuk-942c-kkbf
1
vulnerability VCID-4mfm-zzrx-6ffb
2
vulnerability VCID-7x51-uyq2-9qax
3
vulnerability VCID-mdkd-vmcp-afa8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1
aliases CVE-2022-39291
risk_score 9.8
exploitability 2.0
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jukn-h868-5ugm
8
url VCID-kk5d-y2z8-r3g2
vulnerability_id VCID-kk5d-y2z8-r3g2
summary ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29806
reference_id
reference_type
scores
0
value 0.70724
scoring_system epss
scoring_elements 0.9871
published_at 2026-04-29T12:55:00Z
1
value 0.77125
scoring_system epss
scoring_elements 0.98962
published_at 2026-04-04T12:55:00Z
2
value 0.77125
scoring_system epss
scoring_elements 0.98964
published_at 2026-04-07T12:55:00Z
3
value 0.77125
scoring_system epss
scoring_elements 0.98966
published_at 2026-04-09T12:55:00Z
4
value 0.77125
scoring_system epss
scoring_elements 0.98967
published_at 2026-04-11T12:55:00Z
5
value 0.77125
scoring_system epss
scoring_elements 0.9896
published_at 2026-04-02T12:55:00Z
6
value 0.77125
scoring_system epss
scoring_elements 0.9897
published_at 2026-04-18T12:55:00Z
7
value 0.77125
scoring_system epss
scoring_elements 0.98971
published_at 2026-04-21T12:55:00Z
8
value 0.77125
scoring_system epss
scoring_elements 0.98975
published_at 2026-04-24T12:55:00Z
9
value 0.77125
scoring_system epss
scoring_elements 0.98977
published_at 2026-04-26T12:55:00Z
10
value 0.77125
scoring_system epss
scoring_elements 0.98968
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29806
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29806
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29806
2
reference_url https://usn.ubuntu.com/5889-1/
reference_id USN-5889-1
reference_type
scores
url https://usn.ubuntu.com/5889-1/
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xuk-942c-kkbf
1
vulnerability VCID-4mfm-zzrx-6ffb
2
vulnerability VCID-7x51-uyq2-9qax
3
vulnerability VCID-mdkd-vmcp-afa8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1
aliases CVE-2022-29806
risk_score 1.4
exploitability 2.0
weighted_severity 0.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kk5d-y2z8-r3g2
9
url VCID-mk5h-586t-pyga
vulnerability_id VCID-mk5h-586t-pyga
summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. This issue is patched in versions 1.36.33 and 1.37.33.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26038
reference_id
reference_type
scores
0
value 0.00249
scoring_system epss
scoring_elements 0.48089
published_at 2026-04-29T12:55:00Z
1
value 0.00249
scoring_system epss
scoring_elements 0.48144
published_at 2026-04-26T12:55:00Z
2
value 0.00249
scoring_system epss
scoring_elements 0.48124
published_at 2026-04-02T12:55:00Z
3
value 0.00249
scoring_system epss
scoring_elements 0.48145
published_at 2026-04-04T12:55:00Z
4
value 0.00249
scoring_system epss
scoring_elements 0.48095
published_at 2026-04-07T12:55:00Z
5
value 0.00249
scoring_system epss
scoring_elements 0.48148
published_at 2026-04-08T12:55:00Z
6
value 0.00249
scoring_system epss
scoring_elements 0.48143
published_at 2026-04-09T12:55:00Z
7
value 0.00249
scoring_system epss
scoring_elements 0.48167
published_at 2026-04-11T12:55:00Z
8
value 0.00249
scoring_system epss
scoring_elements 0.4814
published_at 2026-04-12T12:55:00Z
9
value 0.00249
scoring_system epss
scoring_elements 0.48151
published_at 2026-04-13T12:55:00Z
10
value 0.00249
scoring_system epss
scoring_elements 0.48203
published_at 2026-04-16T12:55:00Z
11
value 0.00249
scoring_system epss
scoring_elements 0.48198
published_at 2026-04-18T12:55:00Z
12
value 0.00249
scoring_system epss
scoring_elements 0.48154
published_at 2026-04-21T12:55:00Z
13
value 0.00249
scoring_system epss
scoring_elements 0.48133
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26038
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26038
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26038
2
reference_url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w
reference_id GHSA-wrx3-r8c4-r24w
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:50Z/
url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xuk-942c-kkbf
1
vulnerability VCID-4mfm-zzrx-6ffb
2
vulnerability VCID-7x51-uyq2-9qax
3
vulnerability VCID-mdkd-vmcp-afa8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1
aliases CVE-2023-26038
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mk5h-586t-pyga
10
url VCID-n8y3-5fb9-kucb
vulnerability_id VCID-n8y3-5fb9-kucb
summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26032
reference_id
reference_type
scores
0
value 0.00714
scoring_system epss
scoring_elements 0.72415
published_at 2026-04-29T12:55:00Z
1
value 0.00714
scoring_system epss
scoring_elements 0.72419
published_at 2026-04-26T12:55:00Z
2
value 0.00714
scoring_system epss
scoring_elements 0.72287
published_at 2026-04-02T12:55:00Z
3
value 0.00714
scoring_system epss
scoring_elements 0.72306
published_at 2026-04-04T12:55:00Z
4
value 0.00714
scoring_system epss
scoring_elements 0.72283
published_at 2026-04-07T12:55:00Z
5
value 0.00714
scoring_system epss
scoring_elements 0.72322
published_at 2026-04-08T12:55:00Z
6
value 0.00714
scoring_system epss
scoring_elements 0.72334
published_at 2026-04-09T12:55:00Z
7
value 0.00714
scoring_system epss
scoring_elements 0.72357
published_at 2026-04-11T12:55:00Z
8
value 0.00714
scoring_system epss
scoring_elements 0.7234
published_at 2026-04-12T12:55:00Z
9
value 0.00714
scoring_system epss
scoring_elements 0.72328
published_at 2026-04-13T12:55:00Z
10
value 0.00714
scoring_system epss
scoring_elements 0.7237
published_at 2026-04-16T12:55:00Z
11
value 0.00714
scoring_system epss
scoring_elements 0.72379
published_at 2026-04-18T12:55:00Z
12
value 0.00714
scoring_system epss
scoring_elements 0.72367
published_at 2026-04-21T12:55:00Z
13
value 0.00714
scoring_system epss
scoring_elements 0.7241
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26032
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26032
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26032
2
reference_url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9
reference_id GHSA-6c72-q9mw-mwx9
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:57:37Z/
url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xuk-942c-kkbf
1
vulnerability VCID-4mfm-zzrx-6ffb
2
vulnerability VCID-7x51-uyq2-9qax
3
vulnerability VCID-mdkd-vmcp-afa8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1
aliases CVE-2023-26032
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8y3-5fb9-kucb
11
url VCID-tyu6-8h17-8yh5
vulnerability_id VCID-tyu6-8h17-8yh5
summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26037
reference_id
reference_type
scores
0
value 0.00714
scoring_system epss
scoring_elements 0.72415
published_at 2026-04-29T12:55:00Z
1
value 0.00714
scoring_system epss
scoring_elements 0.72419
published_at 2026-04-26T12:55:00Z
2
value 0.00714
scoring_system epss
scoring_elements 0.72287
published_at 2026-04-02T12:55:00Z
3
value 0.00714
scoring_system epss
scoring_elements 0.72306
published_at 2026-04-04T12:55:00Z
4
value 0.00714
scoring_system epss
scoring_elements 0.72283
published_at 2026-04-07T12:55:00Z
5
value 0.00714
scoring_system epss
scoring_elements 0.72322
published_at 2026-04-08T12:55:00Z
6
value 0.00714
scoring_system epss
scoring_elements 0.72334
published_at 2026-04-09T12:55:00Z
7
value 0.00714
scoring_system epss
scoring_elements 0.72357
published_at 2026-04-11T12:55:00Z
8
value 0.00714
scoring_system epss
scoring_elements 0.7234
published_at 2026-04-12T12:55:00Z
9
value 0.00714
scoring_system epss
scoring_elements 0.72328
published_at 2026-04-13T12:55:00Z
10
value 0.00714
scoring_system epss
scoring_elements 0.7237
published_at 2026-04-16T12:55:00Z
11
value 0.00714
scoring_system epss
scoring_elements 0.72379
published_at 2026-04-18T12:55:00Z
12
value 0.00714
scoring_system epss
scoring_elements 0.72367
published_at 2026-04-21T12:55:00Z
13
value 0.00714
scoring_system epss
scoring_elements 0.7241
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26037
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26037
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26037
2
reference_url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733
reference_id GHSA-65jp-2hj3-3733
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:57:34Z/
url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xuk-942c-kkbf
1
vulnerability VCID-4mfm-zzrx-6ffb
2
vulnerability VCID-7x51-uyq2-9qax
3
vulnerability VCID-mdkd-vmcp-afa8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1
aliases CVE-2023-26037
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tyu6-8h17-8yh5
12
url VCID-uybk-r4q9-gyac
vulnerability_id VCID-uybk-r4q9-gyac
summary ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39289
reference_id
reference_type
scores
0
value 0.00372
scoring_system epss
scoring_elements 0.58978
published_at 2026-04-29T12:55:00Z
1
value 0.00372
scoring_system epss
scoring_elements 0.58975
published_at 2026-04-24T12:55:00Z
2
value 0.00372
scoring_system epss
scoring_elements 0.5901
published_at 2026-04-16T12:55:00Z
3
value 0.00372
scoring_system epss
scoring_elements 0.58992
published_at 2026-04-26T12:55:00Z
4
value 0.00372
scoring_system epss
scoring_elements 0.58947
published_at 2026-04-02T12:55:00Z
5
value 0.00372
scoring_system epss
scoring_elements 0.58969
published_at 2026-04-04T12:55:00Z
6
value 0.00372
scoring_system epss
scoring_elements 0.58936
published_at 2026-04-07T12:55:00Z
7
value 0.00372
scoring_system epss
scoring_elements 0.58987
published_at 2026-04-08T12:55:00Z
8
value 0.00372
scoring_system epss
scoring_elements 0.58993
published_at 2026-04-21T12:55:00Z
9
value 0.00372
scoring_system epss
scoring_elements 0.59013
published_at 2026-04-18T12:55:00Z
10
value 0.00372
scoring_system epss
scoring_elements 0.58994
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39289
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39289
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39289
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565
reference_id 1021565
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565
3
reference_url https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
reference_id 34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:36:54Z/
url https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
4
reference_url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488
reference_id GHSA-mpcx-3gvh-9488
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:36:54Z/
url https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488
fixed_packages
0
url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xuk-942c-kkbf
1
vulnerability VCID-4mfm-zzrx-6ffb
2
vulnerability VCID-7x51-uyq2-9qax
3
vulnerability VCID-mdkd-vmcp-afa8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1
aliases CVE-2022-39289
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uybk-r4q9-gyac
Risk_score4.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1