{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","type":"deb","namespace":"debian","name":"zoneminder","version":"1.34.23-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.36.35+dfsg1-1","latest_non_vulnerable_version":"1.36.35+dfsg1-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96187?format=json","vulnerability_id":"VCID-3xuk-942c-kkbf","summary":"ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43359","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.4949","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49518","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.4952","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49564","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49535","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49525","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49499","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49526","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49478","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49533","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49529","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49546","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43359"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af","reference_id":"6cc64dddff6144a98680f65ecf8dc249028431af","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:03:34Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2","reference_id":"b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:03:34Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8","reference_id":"GHSA-pjjm-3qxp-6hj8","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:03:34Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994888?format=json","purl":"pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1"}],"aliases":["CVE-2024-43359"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xuk-942c-kkbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96186?format=json","vulnerability_id":"VCID-4mfm-zzrx-6ffb","summary":"ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43358","reference_id":"","reference_type":"","scores":[{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.79972","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.79895","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.79888","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.79917","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.7992","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.79949","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.79955","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.79847","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.79868","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.79856","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.79885","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.79892","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.79912","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43358"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/062cf568a33fb6a8604ec327b1de8bb2e0d1ff77","reference_id":"062cf568a33fb6a8604ec327b1de8bb2e0d1ff77","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T13:39:31Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/062cf568a33fb6a8604ec327b1de8bb2e0d1ff77"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/4602cd0470a3b90b18bcc44b3c86d963872d1ba0","reference_id":"4602cd0470a3b90b18bcc44b3c86d963872d1ba0","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T13:39:31Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/4602cd0470a3b90b18bcc44b3c86d963872d1ba0"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6rrw-66rf-6g5f","reference_id":"GHSA-6rrw-66rf-6g5f","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T13:39:31Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6rrw-66rf-6g5f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994888?format=json","purl":"pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1"}],"aliases":["CVE-2024-43358"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mfm-zzrx-6ffb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95450?format=json","vulnerability_id":"VCID-4qtk-7myx-vfcd","summary":"ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26035","reference_id":"","reference_type":"","scores":[{"value":"0.55722","scoring_system":"epss","scoring_elements":"0.98074","published_at":"2026-04-02T12:55:00Z"},{"value":"0.55722","scoring_system":"epss","scoring_elements":"0.98078","published_at":"2026-04-04T12:55:00Z"},{"value":"0.55722","scoring_system":"epss","scoring_elements":"0.98079","published_at":"2026-04-07T12:55:00Z"},{"value":"0.55722","scoring_system":"epss","scoring_elements":"0.98083","published_at":"2026-04-08T12:55:00Z"},{"value":"0.55722","scoring_system":"epss","scoring_elements":"0.98084","published_at":"2026-04-09T12:55:00Z"},{"value":"0.55722","scoring_system":"epss","scoring_elements":"0.98089","published_at":"2026-04-12T12:55:00Z"},{"value":"0.55722","scoring_system":"epss","scoring_elements":"0.9809","published_at":"2026-04-13T12:55:00Z"},{"value":"0.55722","scoring_system":"epss","scoring_elements":"0.98095","published_at":"2026-04-26T12:55:00Z"},{"value":"0.55722","scoring_system":"epss","scoring_elements":"0.98097","published_at":"2026-04-29T12:55:00Z"},{"value":"0.55722","scoring_system":"epss","scoring_elements":"0.98093","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26035"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994887?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1"}],"aliases":["CVE-2023-26035"],"risk_score":1.0,"exploitability":"2.0","weighted_severity":"0.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qtk-7myx-vfcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95251?format=json","vulnerability_id":"VCID-7vc9-wfjb-t3ba","summary":"ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current \"tr\" \"td\" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the \"view=log\" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39285","reference_id":"","reference_type":"","scores":[{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.83085","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.83045","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.83044","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.83047","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.8307","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.83078","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.82959","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.82972","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.82969","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.82994","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.83001","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.83017","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.83011","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.83006","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39285"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565","reference_id":"1021565","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d","reference_id":"c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51071.py","reference_id":"CVE-2022-39291;CVE-2022-39290;CVE-2022-39285","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51071.py"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59","reference_id":"d289eb48601a76e34feea3c1683955337b1fae59","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433","reference_id":"GHSA-h6xp-cvwv-q433","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433"},{"reference_url":"http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html","reference_id":"Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/"}],"url":"http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994887?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1"}],"aliases":["CVE-2022-39285"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vc9-wfjb-t3ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95697?format=json","vulnerability_id":"VCID-7x51-uyq2-9qax","summary":"ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41884","reference_id":"","reference_type":"","scores":[{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58093","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.5814","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.5812","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58151","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58127","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58108","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58094","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58115","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.5809","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58144","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58148","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58163","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41884"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41884","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41884"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a","reference_id":"677f6a31551f128554f7b0110a52fd76453a657a","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:33:59Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6","reference_id":"a194fe81d34c5eea2ab1dc18dc8df615fca634a6","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:33:59Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96","reference_id":"GHSA-2qp3-fwpv-mc96","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:33:59Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994888?format=json","purl":"pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1"}],"aliases":["CVE-2023-41884"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7x51-uyq2-9qax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95454?format=json","vulnerability_id":"VCID-95ub-6q5w-p3cm","summary":"ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26039","reference_id":"","reference_type":"","scores":[{"value":"0.05839","scoring_system":"epss","scoring_elements":"0.90568","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05839","scoring_system":"epss","scoring_elements":"0.90572","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05839","scoring_system":"epss","scoring_elements":"0.90504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05839","scoring_system":"epss","scoring_elements":"0.90514","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05839","scoring_system":"epss","scoring_elements":"0.9052","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05839","scoring_system":"epss","scoring_elements":"0.90533","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05839","scoring_system":"epss","scoring_elements":"0.90539","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05839","scoring_system":"epss","scoring_elements":"0.90547","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05839","scoring_system":"epss","scoring_elements":"0.90541","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05839","scoring_system":"epss","scoring_elements":"0.90559","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05839","scoring_system":"epss","scoring_elements":"0.90558","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05839","scoring_system":"epss","scoring_elements":"0.90557","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05839","scoring_system":"epss","scoring_elements":"0.90571","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26039"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g","reference_id":"GHSA-44q8-h2pw-cc9g","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:56:57Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994887?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1"}],"aliases":["CVE-2023-26039"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-95ub-6q5w-p3cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95253?format=json","vulnerability_id":"VCID-9kh5-715y-pud4","summary":"ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39290","reference_id":"","reference_type":"","scores":[{"value":"0.04003","scoring_system":"epss","scoring_elements":"0.88464","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04003","scoring_system":"epss","scoring_elements":"0.88448","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04003","scoring_system":"epss","scoring_elements":"0.88445","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04003","scoring_system":"epss","scoring_elements":"0.88459","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04003","scoring_system":"epss","scoring_elements":"0.88392","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04003","scoring_system":"epss","scoring_elements":"0.88401","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04003","scoring_system":"epss","scoring_elements":"0.88405","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04003","scoring_system":"epss","scoring_elements":"0.88425","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04003","scoring_system":"epss","scoring_elements":"0.88431","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04003","scoring_system":"epss","scoring_elements":"0.88442","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04003","scoring_system":"epss","scoring_elements":"0.88434","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04003","scoring_system":"epss","scoring_elements":"0.88433","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39290"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565","reference_id":"1021565","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d","reference_id":"c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:55Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q","reference_id":"GHSA-xgv6-qv6c-399q","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:55Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q"},{"reference_url":"http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html","reference_id":"Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:55Z/"}],"url":"http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994887?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1"}],"aliases":["CVE-2022-39290"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"7.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kh5-715y-pud4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95449?format=json","vulnerability_id":"VCID-d117-rhnc-rkhf","summary":"ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter[Query][terms][0][attr]` query string parameter of the  `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26034","reference_id":"","reference_type":"","scores":[{"value":"0.02063","scoring_system":"epss","scoring_elements":"0.8398","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02063","scoring_system":"epss","scoring_elements":"0.83985","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02063","scoring_system":"epss","scoring_elements":"0.83947","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02063","scoring_system":"epss","scoring_elements":"0.83973","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02352","scoring_system":"epss","scoring_elements":"0.84891","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02352","scoring_system":"epss","scoring_elements":"0.8491","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02352","scoring_system":"epss","scoring_elements":"0.84842","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02352","scoring_system":"epss","scoring_elements":"0.84902","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02352","scoring_system":"epss","scoring_elements":"0.84924","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02352","scoring_system":"epss","scoring_elements":"0.84925","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02352","scoring_system":"epss","scoring_elements":"0.84908","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02352","scoring_system":"epss","scoring_elements":"0.8486","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02352","scoring_system":"epss","scoring_elements":"0.84861","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02352","scoring_system":"epss","scoring_elements":"0.84884","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26034"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-222j-wh8m-xjrx","reference_id":"GHSA-222j-wh8m-xjrx","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:00:55Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-222j-wh8m-xjrx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994887?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1"}],"aliases":["CVE-2023-26034"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d117-rhnc-rkhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95451?format=json","vulnerability_id":"VCID-fyy1-fwys-xkbj","summary":"ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however dentaintPath does not properly sandbox the path. This can be exploited by constructing paths like \"..././\", which get replaced by \"../\". This issue is patched in versions 1.36.33 and 1.37.33.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26036","reference_id":"","reference_type":"","scores":[{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61791","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61798","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61699","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61729","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.617","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61749","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61764","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61786","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61773","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61754","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61796","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61802","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61785","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.6178","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26036"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h5m9-6jjc-cgmw","reference_id":"GHSA-h5m9-6jjc-cgmw","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:00:52Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h5m9-6jjc-cgmw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994887?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1"}],"aliases":["CVE-2023-26036"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fyy1-fwys-xkbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95447?format=json","vulnerability_id":"VCID-j283-1m9p-13hn","summary":"ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field.  This is unescaped when viewing the logs in the web ui. This issue is patched in version 1.36.33.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25825","reference_id":"","reference_type":"","scores":[{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53012","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53066","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53049","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53087","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53094","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53076","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53042","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53051","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52996","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53021","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52988","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53039","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53032","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53082","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25825"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25825","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25825"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/4637eaf9ea530193e0897ec48899f5638bdd6d81","reference_id":"4637eaf9ea530193e0897ec48899f5638bdd6d81","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/4637eaf9ea530193e0897ec48899f5638bdd6d81"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/57bf25d39f12d620693f26068b8441b4f3f0b6c0","reference_id":"57bf25d39f12d620693f26068b8441b4f3f0b6c0","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/57bf25d39f12d620693f26068b8441b4f3f0b6c0"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/e1028c1d7f23cc1e0941b7b37bb6ae5a04364308","reference_id":"e1028c1d7f23cc1e0941b7b37bb6ae5a04364308","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/e1028c1d7f23cc1e0941b7b37bb6ae5a04364308"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-68vf-g4qm-jr6v","reference_id":"GHSA-68vf-g4qm-jr6v","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-68vf-g4qm-jr6v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994887?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1"}],"aliases":["CVE-2023-25825"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j283-1m9p-13hn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95254?format=json","vulnerability_id":"VCID-jukn-h868-5ugm","summary":"ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with \"View\" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the \"/zm/index.php\" endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39291","reference_id":"","reference_type":"","scores":[{"value":"0.07382","scoring_system":"epss","scoring_elements":"0.91743","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07382","scoring_system":"epss","scoring_elements":"0.9172","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07382","scoring_system":"epss","scoring_elements":"0.91727","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07382","scoring_system":"epss","scoring_elements":"0.9173","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07382","scoring_system":"epss","scoring_elements":"0.91732","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07382","scoring_system":"epss","scoring_elements":"0.91748","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07382","scoring_system":"epss","scoring_elements":"0.91741","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07382","scoring_system":"epss","scoring_elements":"0.91742","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07382","scoring_system":"epss","scoring_elements":"0.91747","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07382","scoring_system":"epss","scoring_elements":"0.91745","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07382","scoring_system":"epss","scoring_elements":"0.91694","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07382","scoring_system":"epss","scoring_elements":"0.91699","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07382","scoring_system":"epss","scoring_elements":"0.91707","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39291"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565","reference_id":"1021565","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4","reference_id":"34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c","reference_id":"73d9f2482cdcb238506388798d3cf92546f9e40c","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b","reference_id":"cb3fc5907da21a5111ae54128a5d0b49ae755e9b","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408","reference_id":"de2866f9574a2bf2690276fad53c91d607825408","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74","reference_id":"GHSA-cfcx-v52x-jh74","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74"},{"reference_url":"http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html","reference_id":"Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/"}],"url":"http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994887?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1"}],"aliases":["CVE-2022-39291"],"risk_score":9.8,"exploitability":"2.0","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jukn-h868-5ugm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95140?format=json","vulnerability_id":"VCID-kk5d-y2z8-r3g2","summary":"ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29806","reference_id":"","reference_type":"","scores":[{"value":"0.70724","scoring_system":"epss","scoring_elements":"0.9871","published_at":"2026-04-29T12:55:00Z"},{"value":"0.77125","scoring_system":"epss","scoring_elements":"0.98962","published_at":"2026-04-04T12:55:00Z"},{"value":"0.77125","scoring_system":"epss","scoring_elements":"0.98964","published_at":"2026-04-07T12:55:00Z"},{"value":"0.77125","scoring_system":"epss","scoring_elements":"0.98966","published_at":"2026-04-09T12:55:00Z"},{"value":"0.77125","scoring_system":"epss","scoring_elements":"0.98967","published_at":"2026-04-11T12:55:00Z"},{"value":"0.77125","scoring_system":"epss","scoring_elements":"0.9896","published_at":"2026-04-02T12:55:00Z"},{"value":"0.77125","scoring_system":"epss","scoring_elements":"0.9897","published_at":"2026-04-18T12:55:00Z"},{"value":"0.77125","scoring_system":"epss","scoring_elements":"0.98971","published_at":"2026-04-21T12:55:00Z"},{"value":"0.77125","scoring_system":"epss","scoring_elements":"0.98975","published_at":"2026-04-24T12:55:00Z"},{"value":"0.77125","scoring_system":"epss","scoring_elements":"0.98977","published_at":"2026-04-26T12:55:00Z"},{"value":"0.77125","scoring_system":"epss","scoring_elements":"0.98968","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29806"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994887?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1"}],"aliases":["CVE-2022-29806"],"risk_score":1.4,"exploitability":"2.0","weighted_severity":"0.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kk5d-y2z8-r3g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96188?format=json","vulnerability_id":"VCID-mdkd-vmcp-afa8","summary":"ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43360","reference_id":"","reference_type":"","scores":[{"value":"0.62094","scoring_system":"epss","scoring_elements":"0.98339","published_at":"2026-04-04T12:55:00Z"},{"value":"0.62094","scoring_system":"epss","scoring_elements":"0.98337","published_at":"2026-04-02T12:55:00Z"},{"value":"0.62094","scoring_system":"epss","scoring_elements":"0.9835","published_at":"2026-04-13T12:55:00Z"},{"value":"0.62094","scoring_system":"epss","scoring_elements":"0.98347","published_at":"2026-04-09T12:55:00Z"},{"value":"0.62094","scoring_system":"epss","scoring_elements":"0.98341","published_at":"2026-04-07T12:55:00Z"},{"value":"0.63252","scoring_system":"epss","scoring_elements":"0.98405","published_at":"2026-04-21T12:55:00Z"},{"value":"0.63252","scoring_system":"epss","scoring_elements":"0.9841","published_at":"2026-04-29T12:55:00Z"},{"value":"0.63252","scoring_system":"epss","scoring_elements":"0.98409","published_at":"2026-04-24T12:55:00Z"},{"value":"0.63252","scoring_system":"epss","scoring_elements":"0.98407","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43360"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a","reference_id":"677f6a31551f128554f7b0110a52fd76453a657a","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6","reference_id":"a194fe81d34c5eea2ab1dc18dc8df615fca634a6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397","reference_id":"bb07118118e23b5670c2c18be8be2cc6b8529397","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5","reference_id":"de8f387207e9c506e8e8007eda725741a25601c5","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj","reference_id":"GHSA-9cmr-7437-v9fj","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994888?format=json","purl":"pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1"}],"aliases":["CVE-2024-43360"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mdkd-vmcp-afa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95453?format=json","vulnerability_id":"VCID-mk5h-586t-pyga","summary":"ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. This issue is patched in versions 1.36.33 and 1.37.33.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26038","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48089","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48144","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48124","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48145","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48095","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48148","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48143","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48167","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.4814","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48151","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48203","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48198","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48154","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48133","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26038"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w","reference_id":"GHSA-wrx3-r8c4-r24w","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:50Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994887?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1"}],"aliases":["CVE-2023-26038"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mk5h-586t-pyga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95448?format=json","vulnerability_id":"VCID-n8y3-5fb9-kucb","summary":"ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL query to load the user.  If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26032","reference_id":"","reference_type":"","scores":[{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72415","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72419","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72287","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72306","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72283","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72322","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72334","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72357","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7234","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72328","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7237","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72379","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72367","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7241","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26032"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9","reference_id":"GHSA-6c72-q9mw-mwx9","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:57:37Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994887?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1"}],"aliases":["CVE-2023-26032"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n8y3-5fb9-kucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95452?format=json","vulnerability_id":"VCID-tyu6-8h17-8yh5","summary":"ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26037","reference_id":"","reference_type":"","scores":[{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72415","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72419","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72287","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72306","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72283","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72322","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72334","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72357","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7234","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72328","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7237","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72379","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72367","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7241","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26037"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733","reference_id":"GHSA-65jp-2hj3-3733","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:57:34Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994887?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1"}],"aliases":["CVE-2023-26037"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tyu6-8h17-8yh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95252?format=json","vulnerability_id":"VCID-uybk-r4q9-gyac","summary":"ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39289","reference_id":"","reference_type":"","scores":[{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58978","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58975","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.5901","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58992","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58947","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58969","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58936","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58987","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58993","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59013","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58994","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39289"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39289"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565","reference_id":"1021565","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4","reference_id":"34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:36:54Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488","reference_id":"GHSA-mpcx-3gvh-9488","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:36:54Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994887?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1"}],"aliases":["CVE-2022-39289"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uybk-r4q9-gyac"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94237?format=json","vulnerability_id":"VCID-11zt-rw3z-87gx","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7333","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58044","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57943","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5805","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58025","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5808","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58083","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.581","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58077","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58056","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58087","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5803","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2441","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2441"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7333","reference_id":"CVE-2019-7333","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7333"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7333"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11zt-rw3z-87gx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94256?format=json","vulnerability_id":"VCID-23ug-uzth-tybf","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7352","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2475","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2475"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7352","reference_id":"CVE-2019-7352","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7352"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7352"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23ug-uzth-tybf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94278?format=json","vulnerability_id":"VCID-35hj-x1e2-eug1","summary":"ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8428","reference_id":"","reference_type":"","scores":[{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5578","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55805","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55707","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5582","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55843","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55872","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55875","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55885","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55865","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55846","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55882","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55887","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5586","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55787","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8428"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8428","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8428"},{"reference_url":"https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolphp-line-35-second-order-sqli","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolphp-line-35-second-order-sqli"},{"reference_url":"https://www.seebug.org/vuldb/ssvid-97765","reference_id":"","reference_type":"","scores":[],"url":"https://www.seebug.org/vuldb/ssvid-97765"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8428","reference_id":"CVE-2019-8428","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8428"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-8428"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35hj-x1e2-eug1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94249?format=json","vulnerability_id":"VCID-3zrk-nztf-nqfd","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7345","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46423","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46443","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46374","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46415","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46435","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46383","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46439","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46463","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46434","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46444","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46501","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46498","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2468","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2468"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7345","reference_id":"CVE-2019-7345","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"},{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7345"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7345"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3zrk-nztf-nqfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94229?format=json","vulnerability_id":"VCID-4zbd-b8b7-tfa4","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7325","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56013","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55914","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55935","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55949","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.5597","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55948","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55999","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56002","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55993","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55975","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56011","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56014","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55988","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7325"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2450","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2450"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7325","reference_id":"CVE-2019-7325","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7325"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7325"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zbd-b8b7-tfa4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94240?format=json","vulnerability_id":"VCID-5ba3-bxk1-pbht","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7336","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7336"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2457","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2457"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7336","reference_id":"CVE-2019-7336","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7336"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7336"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ba3-bxk1-pbht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93217?format=json","vulnerability_id":"VCID-694p-mbsg-e7f6","summary":"Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5367","reference_id":"","reference_type":"","scores":[{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65556","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65604","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65634","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.656","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65652","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65664","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65684","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.6567","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65641","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65676","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65689","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65672","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65687","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65699","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65698","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5367"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733","reference_id":"854733","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2017-5367"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-694p-mbsg-e7f6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94246?format=json","vulnerability_id":"VCID-6mdb-h6fb-c7d6","summary":"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7342","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5564","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55664","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55561","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55673","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55695","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55674","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55725","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55728","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55737","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55717","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.557","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5574","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55722","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55647","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2461","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2461"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7342","reference_id":"CVE-2019-7342","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7342"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7342"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6mdb-h6fb-c7d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94247?format=json","vulnerability_id":"VCID-6xnz-k4kg-eqhd","summary":"Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7343","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58044","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57943","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5805","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58025","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5808","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58083","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.581","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58077","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58056","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58087","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5803","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2464","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2464"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7343","reference_id":"CVE-2019-7343","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7343"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7343"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6xnz-k4kg-eqhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94244?format=json","vulnerability_id":"VCID-7x1r-12y1-ekfk","summary":"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7340","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58044","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57943","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5805","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58025","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5808","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58083","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.581","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58077","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58056","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58087","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5803","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2462","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2462"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7340","reference_id":"CVE-2019-7340","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7340"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7340"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7x1r-12y1-ekfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94235?format=json","vulnerability_id":"VCID-8uu9-g2r8-nyep","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named \"signal check color\" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7331","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56013","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55914","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55935","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55949","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.5597","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55948","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55999","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56002","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55993","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55975","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56011","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56014","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55988","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2451","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2451"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7331","reference_id":"CVE-2019-7331","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7331"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7331"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8uu9-g2r8-nyep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94216?format=json","vulnerability_id":"VCID-8vh1-pk4c-63hz","summary":"A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6990","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49482","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50567","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50501","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.5051","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50495","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50522","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50475","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50529","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50526","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50438","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50544","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50573","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50577","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50555","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6990"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2444","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001","reference_id":"921001","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6990","reference_id":"CVE-2019-6990","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"},{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6990"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-6990"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vh1-pk4c-63hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93433?format=json","vulnerability_id":"VCID-9rr3-tdb4-1kdm","summary":"ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000832","reference_id":"","reference_type":"","scores":[{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92151","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92158","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92164","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92167","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92179","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92182","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92187","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92188","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92184","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92194","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92196","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92199","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.922","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92198","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000832"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024","reference_id":"917024","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2018-1000832"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9rr3-tdb4-1kdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93303?format=json","vulnerability_id":"VCID-aqfu-4m9a-hbd4","summary":"A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the \"ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7203","reference_id":"","reference_type":"","scores":[{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51666","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51706","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51622","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51673","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51698","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51659","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51713","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51709","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51758","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51736","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.5172","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51761","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51767","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51747","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.517","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7203"},{"reference_url":"https://github.com/ZoneMinder/ZoneMinder/issues/1797","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/ZoneMinder/issues/1797"},{"reference_url":"http://www.securityfocus.com/bid/97001","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97001"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858329","reference_id":"858329","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858329"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.30.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:1.30.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.30.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7203","reference_id":"CVE-2017-7203","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7203"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2017-7203"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aqfu-4m9a-hbd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94214?format=json","vulnerability_id":"VCID-cccj-wgfh-3fg4","summary":"An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6777","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53703","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53899","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53874","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53885","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53819","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53846","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53871","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53868","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53916","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53799","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53883","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53921","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53926","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53907","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6777"},{"reference_url":"https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2436","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2436"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920375","reference_id":"920375","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920375"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.32.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:1.32.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.32.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6777","reference_id":"CVE-2019-6777","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6777"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-6777"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cccj-wgfh-3fg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94232?format=json","vulnerability_id":"VCID-dk87-j5dz-6bed","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7328","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58225","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58203","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58189","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58209","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58241","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58104","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58235","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58247","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.5825","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2449","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2449"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7328","reference_id":"CVE-2019-7328","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7328"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7328"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dk87-j5dz-6bed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93221?format=json","vulnerability_id":"VCID-dp5c-4aaa-uyaq","summary":"A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5595","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43164","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43221","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43249","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43188","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43239","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43251","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43273","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43241","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43225","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43286","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43275","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4321","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43145","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43147","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43067","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5595"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5595","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5595"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733","reference_id":"854733","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2017-5595"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dp5c-4aaa-uyaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94217?format=json","vulnerability_id":"VCID-dpp2-3t2d-d3e4","summary":"A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6991","reference_id":"","reference_type":"","scores":[{"value":"0.05263","scoring_system":"epss","scoring_elements":"0.9002","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.9003","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90047","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89975","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89987","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89993","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90008","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89973","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90022","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90016","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90031","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90032","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6991"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2478","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2478"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/pull/2482","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/pull/2482"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921000","reference_id":"921000","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921000"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6991","reference_id":"CVE-2019-6991","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6991"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-6991"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpp2-3t2d-d3e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94236?format=json","vulnerability_id":"VCID-dz5v-tqce-a7ew","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7332","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58225","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58203","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58189","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58209","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58241","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58104","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58235","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58247","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.5825","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2442","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2442"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7332","reference_id":"CVE-2019-7332","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7332"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7332"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dz5v-tqce-a7ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94239?format=json","vulnerability_id":"VCID-edec-sj6n-n7d7","summary":"Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7335","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7335"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2453","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2453"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7335","reference_id":"CVE-2019-7335","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7335"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7335"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-edec-sj6n-n7d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92837?format=json","vulnerability_id":"VCID-f9wt-f98j-ekeh","summary":"Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10202","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50914","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50968","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50993","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50951","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51008","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51004","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51047","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51026","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51009","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51046","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51053","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51031","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50978","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50986","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50947","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10202"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272","reference_id":"854272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2016-10202"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f9wt-f98j-ekeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94243?format=json","vulnerability_id":"VCID-fnhr-cs7k-gkeu","summary":"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7339","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2460","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2460"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7339","reference_id":"CVE-2019-7339","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7339"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7339"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnhr-cs7k-gkeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94218?format=json","vulnerability_id":"VCID-g1r5-fbsj-n3dr","summary":"A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6992","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53728","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53932","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53889","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53901","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53833","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53861","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53835","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53887","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53885","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53814","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53914","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53898","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53936","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53942","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53922","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6992"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6992","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6992"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2445","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2445"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999","reference_id":"920999","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6992","reference_id":"CVE-2019-6992","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6992"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-6992"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g1r5-fbsj-n3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93954?format=json","vulnerability_id":"VCID-hpah-sv5y-8bde","summary":"Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13072","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49438","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49466","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49493","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49446","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49501","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49496","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49513","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49485","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49488","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49534","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49533","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49503","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49457","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-13072"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpah-sv5y-8bde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94245?format=json","vulnerability_id":"VCID-jmdh-m4ty-gqch","summary":"Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7341","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58044","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57943","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5805","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58025","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5808","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58083","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.581","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58077","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58056","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58087","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5803","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2463","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2463"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7341","reference_id":"CVE-2019-7341","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7341"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7341"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jmdh-m4ty-gqch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94230?format=json","vulnerability_id":"VCID-kgpe-97pr-suee","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7326","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56013","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55914","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55935","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55949","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.5597","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55948","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55999","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56002","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55993","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55975","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56011","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56014","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55988","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7326"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2452","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2452"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7326","reference_id":"CVE-2019-7326","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7326"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7326"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgpe-97pr-suee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92830?format=json","vulnerability_id":"VCID-mx9e-1cur-mqfz","summary":"Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10140","reference_id":"","reference_type":"","scores":[{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96951","published_at":"2026-04-01T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96958","published_at":"2026-04-02T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96963","published_at":"2026-04-04T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96966","published_at":"2026-04-07T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96974","published_at":"2026-04-08T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96975","published_at":"2026-04-09T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96978","published_at":"2026-04-11T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96979","published_at":"2026-04-12T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.9698","published_at":"2026-04-13T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96988","published_at":"2026-04-16T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96991","published_at":"2026-04-18T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96993","published_at":"2026-04-21T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96994","published_at":"2026-04-24T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96998","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10140"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851710","reference_id":"851710","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851710"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2016-10140"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mx9e-1cur-mqfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94251?format=json","vulnerability_id":"VCID-p916-xnk3-rkce","summary":"A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7347","reference_id":"","reference_type":"","scores":[{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67445","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67434","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67313","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67349","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67372","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.6735","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67401","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67414","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67435","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67423","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67389","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67425","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67436","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2476","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2476"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7347","reference_id":"CVE-2019-7347","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7347"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7347"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p916-xnk3-rkce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94233?format=json","vulnerability_id":"VCID-pr1z-g8aw-tqez","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7329","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5564","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55973","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55896","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55916","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55929","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55951","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.5598","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55983","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55993","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55817","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55955","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55991","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55994","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55969","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2446","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2446"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7329","reference_id":"CVE-2019-7329","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7329"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7329"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pr1z-g8aw-tqez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94234?format=json","vulnerability_id":"VCID-qn8h-k43x-p7cs","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7330","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58225","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58203","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58189","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58209","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58241","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58104","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58235","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58247","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.5825","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2448","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2448"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7330","reference_id":"CVE-2019-7330","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7330"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7330"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qn8h-k43x-p7cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94276?format=json","vulnerability_id":"VCID-qs2j-ektc-2kf9","summary":"skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8426","reference_id":"","reference_type":"","scores":[{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55896","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.5592","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55821","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55933","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55955","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55984","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55987","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55997","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55977","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55959","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55995","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55998","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55973","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.559","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8426"},{"reference_url":"https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolcapphp-reflected-xss","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolcapphp-reflected-xss"},{"reference_url":"https://www.seebug.org/vuldb/ssvid-97766","reference_id":"","reference_type":"","scores":[],"url":"https://www.seebug.org/vuldb/ssvid-97766"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8426","reference_id":"CVE-2019-8426","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8426"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-8426"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qs2j-ektc-2kf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94242?format=json","vulnerability_id":"VCID-qxmt-szsx-y7a8","summary":"Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7338","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2454","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2454"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7338","reference_id":"CVE-2019-7338","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7338"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7338"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxmt-szsx-y7a8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94252?format=json","vulnerability_id":"VCID-qxtk-taxx-1kde","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7348","reference_id":"","reference_type":"","scores":[{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51734","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5177","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51688","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51738","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51764","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51725","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51779","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51776","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51826","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51805","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5179","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51832","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51839","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5182","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7348"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2467","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2467"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7348","reference_id":"CVE-2019-7348","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7348"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7348"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxtk-taxx-1kde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94516?format=json","vulnerability_id":"VCID-r3pj-815v-uubu","summary":"Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25730","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48797","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48815","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48846","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48776","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4884","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48795","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48849","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48845","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48861","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48835","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48844","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48893","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4889","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48837","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25730"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413","reference_id":"9268db14a79c4ccd444c2bf8d24e62b13207b413","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:46:50Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2020-25730"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r3pj-815v-uubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92838?format=json","vulnerability_id":"VCID-r4zz-6j52-cue5","summary":"Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10203","reference_id":"","reference_type":"","scores":[{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55467","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55579","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55603","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55581","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55633","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55636","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55645","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55624","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55607","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55648","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55628","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55555","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55573","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55547","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10203"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272","reference_id":"854272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2016-10203"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4zz-6j52-cue5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93434?format=json","vulnerability_id":"VCID-r751-csse-zuaq","summary":"ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000833","reference_id":"","reference_type":"","scores":[{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83503","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83515","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83529","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.8353","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83554","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83563","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83578","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83572","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83568","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83602","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83603","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83627","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83634","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83638","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000833"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024","reference_id":"917024","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2018-1000833"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r751-csse-zuaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93218?format=json","vulnerability_id":"VCID-rdyb-mgsn-gyb5","summary":"ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5368","reference_id":"","reference_type":"","scores":[{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.4257","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42641","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42669","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.4261","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42661","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42696","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.4266","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42643","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42703","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42689","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42626","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.4255","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42466","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5368"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733","reference_id":"854733","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2017-5368"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdyb-mgsn-gyb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92840?format=json","vulnerability_id":"VCID-sdf7-gmgd-pkf8","summary":"Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10205","reference_id":"","reference_type":"","scores":[{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72953","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72965","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72984","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.7296","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72997","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73011","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73036","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73015","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73008","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.7305","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.7306","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73052","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73092","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73103","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.731","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10205"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272","reference_id":"854272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2016-10205"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sdf7-gmgd-pkf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94241?format=json","vulnerability_id":"VCID-t5fd-hvgs-sue7","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7337","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55146","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55154","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55074","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55175","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55199","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55174","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55223","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55235","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55216","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55197","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55236","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55239","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55219","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7337"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2456","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2456"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7337","reference_id":"CVE-2019-7337","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"},{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7337"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7337"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t5fd-hvgs-sue7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94253?format=json","vulnerability_id":"VCID-ug2b-2eg5-jfbb","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7349","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2465","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2465"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7349","reference_id":"CVE-2019-7349","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7349"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7349"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ug2b-2eg5-jfbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94248?format=json","vulnerability_id":"VCID-ukjs-5za3-xqdb","summary":"Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7344","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2455","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2455"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7344","reference_id":"CVE-2019-7344","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7344"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7344"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukjs-5za3-xqdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94274?format=json","vulnerability_id":"VCID-v56x-raf9-kydq","summary":"ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8424","reference_id":"","reference_type":"","scores":[{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5578","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55805","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55707","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5582","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55843","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55872","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55875","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55885","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55865","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55846","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55882","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55887","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5586","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55787","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8424"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8424","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8424"},{"reference_url":"https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection"},{"reference_url":"https://www.seebug.org/vuldb/ssvid-97763","reference_id":"","reference_type":"","scores":[],"url":"https://www.seebug.org/vuldb/ssvid-97763"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8424","reference_id":"CVE-2019-8424","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8424"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-8424"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v56x-raf9-kydq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92839?format=json","vulnerability_id":"VCID-w96c-3tde-d7b1","summary":"SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10204","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53376","published_at":"2026-04-24T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53389","published_at":"2026-04-26T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53351","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66702","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66751","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66766","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66785","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66663","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66743","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66777","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.6679","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66775","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66772","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66704","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66729","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10204"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272","reference_id":"854272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2016-10204"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w96c-3tde-d7b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94231?format=json","vulnerability_id":"VCID-wdng-puzu-5kah","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7327","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58225","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58203","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58189","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58209","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58241","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58104","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58235","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58247","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.5825","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7327"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2447","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2447"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7327","reference_id":"CVE-2019-7327","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7327"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7327"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdng-puzu-5kah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94250?format=json","vulnerability_id":"VCID-xj45-xv47-ruhe","summary":"A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a \"Try again\" button, which allows resending the failed request, making the CSRF attack successful.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7346","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38845","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38926","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39065","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.3925","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39273","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39247","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39263","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39274","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39236","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39218","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39271","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39241","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38945","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2469","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2469"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7346","reference_id":"CVE-2019-7346","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7346"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7346"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xj45-xv47-ruhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94238?format=json","vulnerability_id":"VCID-y3vt-x7b1-4yer","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7334","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7334"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2443","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2443"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7334","reference_id":"CVE-2019-7334","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7334"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3vt-x7b1-4yer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92836?format=json","vulnerability_id":"VCID-ys4w-ngmr-mbh9","summary":"Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10201","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50914","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50968","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50993","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50951","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51008","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51004","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51047","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51026","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51009","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51046","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51053","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51031","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50978","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50986","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50947","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10201"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272","reference_id":"854272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2016-10201"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ys4w-ngmr-mbh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94515?format=json","vulnerability_id":"VCID-yxpy-5fmj-cbb7","summary":"ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25729","reference_id":"","reference_type":"","scores":[{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67069","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67106","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.6713","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67104","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67154","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67167","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67186","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67172","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67141","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67175","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67189","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67169","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.6719","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67202","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67201","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2020-25729"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yxpy-5fmj-cbb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92841?format=json","vulnerability_id":"VCID-zu3w-apm5-8bdw","summary":"Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10206","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32517","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32666","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32702","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32523","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.3257","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32596","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32598","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32561","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32533","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32548","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32516","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32347","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32231","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32146","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10206"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272","reference_id":"854272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2016-10206"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zu3w-apm5-8bdw"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}