Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/994887?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/994887?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1", "type": "deb", "namespace": "debian", "name": "zoneminder", "version": "1.36.33+dfsg1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.36.35+dfsg1-1", "latest_non_vulnerable_version": "1.36.35+dfsg1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96187?format=api", "vulnerability_id": "VCID-3xuk-942c-kkbf", "summary": "ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43359", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49497", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49564", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49535", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49525", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.4949", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49408", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49468", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49499", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": 
"0.49526", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49478", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49533", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49529", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49546", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49518", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.4952", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49567", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43359" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af", "reference_id": "6cc64dddff6144a98680f65ecf8dc249028431af", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:03:34Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2", "reference_id": "b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:03:34Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8", "reference_id": "GHSA-pjjm-3qxp-6hj8", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:03:34Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994888?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1" } ], "aliases": [ "CVE-2024-43359" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xuk-942c-kkbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96186?format=api", "vulnerability_id": "VCID-4mfm-zzrx-6ffb", "summary": "ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. 
This vulnerability is fixed in 1.36.34 and 1.37.61.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43358", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.80023", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.7992", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.79949", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.79955", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.79972", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.79986", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.80009", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.79847", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.79868", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.79856", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.79885", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.79892", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.79912", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.79895", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.79888", "published_at": 
"2026-04-13T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.79917", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43358" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/062cf568a33fb6a8604ec327b1de8bb2e0d1ff77", "reference_id": "062cf568a33fb6a8604ec327b1de8bb2e0d1ff77", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T13:39:31Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/062cf568a33fb6a8604ec327b1de8bb2e0d1ff77" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/4602cd0470a3b90b18bcc44b3c86d963872d1ba0", "reference_id": "4602cd0470a3b90b18bcc44b3c86d963872d1ba0", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T13:39:31Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/4602cd0470a3b90b18bcc44b3c86d963872d1ba0" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6rrw-66rf-6g5f", "reference_id": "GHSA-6rrw-66rf-6g5f", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T13:39:31Z/" } ], "url": 
"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6rrw-66rf-6g5f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994888?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1" } ], "aliases": [ "CVE-2024-43358" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mfm-zzrx-6ffb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95697?format=api", "vulnerability_id": "VCID-7x51-uyq2-9qax", "summary": "ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58157", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58127", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58108", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58093", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58054", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58095", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58094", "published_at": "2026-04-24T12:55:00Z" }, { 
"value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58115", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.5809", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58144", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58148", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58163", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.5814", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.5812", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58151", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41884" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41884", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41884" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a", "reference_id": "677f6a31551f128554f7b0110a52fd76453a657a", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:33:59Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6", "reference_id": "a194fe81d34c5eea2ab1dc18dc8df615fca634a6", "reference_type": "", 
"scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:33:59Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96", "reference_id": "GHSA-2qp3-fwpv-mc96", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:33:59Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994888?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1" } ], "aliases": [ "CVE-2023-41884" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7x51-uyq2-9qax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96188?format=api", "vulnerability_id": "VCID-mdkd-vmcp-afa8", "summary": "ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. 
This vulnerability is fixed in 1.36.34 and 1.37.61.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.62094", "scoring_system": "epss", "scoring_elements": "0.98337", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.62094", "scoring_system": "epss", "scoring_elements": "0.9835", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.62094", "scoring_system": "epss", "scoring_elements": "0.98347", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.62094", "scoring_system": "epss", "scoring_elements": "0.98341", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.62094", "scoring_system": "epss", "scoring_elements": "0.98339", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.63252", "scoring_system": "epss", "scoring_elements": "0.98418", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.63252", "scoring_system": "epss", "scoring_elements": "0.98407", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.63252", "scoring_system": "epss", "scoring_elements": "0.98405", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.63252", "scoring_system": "epss", "scoring_elements": "0.98409", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.63252", "scoring_system": "epss", "scoring_elements": "0.9841", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.63252", "scoring_system": "epss", "scoring_elements": "0.98414", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.63252", "scoring_system": "epss", "scoring_elements": "0.98415", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43360" }, { "reference_url": 
"https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a", "reference_id": "677f6a31551f128554f7b0110a52fd76453a657a", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6", "reference_id": "a194fe81d34c5eea2ab1dc18dc8df615fca634a6", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397", "reference_id": "bb07118118e23b5670c2c18be8be2cc6b8529397", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5", "reference_id": "de8f387207e9c506e8e8007eda725741a25601c5", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj", "reference_id": "GHSA-9cmr-7437-v9fj", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994888?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1" } ], "aliases": [ "CVE-2024-43360" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mdkd-vmcp-afa8" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95450?format=api", "vulnerability_id": "VCID-4qtk-7myx-vfcd", "summary": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. 
This issue is fixed in versions 1.36.33 and 1.37.33.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.55722", "scoring_system": "epss", "scoring_elements": "0.98074", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.55722", "scoring_system": "epss", "scoring_elements": "0.98078", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.55722", "scoring_system": "epss", "scoring_elements": "0.98079", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.55722", "scoring_system": "epss", "scoring_elements": "0.98083", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.55722", "scoring_system": "epss", "scoring_elements": "0.98084", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.55722", "scoring_system": "epss", "scoring_elements": "0.98089", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.55722", "scoring_system": "epss", "scoring_elements": "0.9809", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.55722", "scoring_system": "epss", "scoring_elements": "0.98095", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.55722", "scoring_system": "epss", "scoring_elements": "0.98097", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.55722", "scoring_system": "epss", "scoring_elements": "0.98093", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.55722", "scoring_system": "epss", "scoring_elements": "0.98104", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.55722", "scoring_system": "epss", "scoring_elements": "0.98102", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.55722", "scoring_system": "epss", "scoring_elements": "0.98105", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26035" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26035", "reference_id": "", "reference_type": "", "scores": 
[], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26035" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994887?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1" } ], "aliases": [ "CVE-2023-26035" ], "risk_score": 1.0, "exploitability": "2.0", "weighted_severity": "0.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4qtk-7myx-vfcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95251?format=api", "vulnerability_id": "VCID-7vc9-wfjb-t3ba", "summary": "ZoneMinder is a free, open source Closed-circuit television software application. The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current \"tr\" \"td\" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the \"view=log\" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. 
Users unable to upgrade should disable database logging.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39285", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.8315", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.8307", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83078", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83085", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83108", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83129", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.82959", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.82972", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.82969", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.82994", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83001", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83017", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83011", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83006", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83045", "published_at": 
"2026-04-16T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83044", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83047", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39285" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565", "reference_id": "1021565", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d", "reference_id": "c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51071.py", "reference_id": "CVE-2022-39291;CVE-2022-39290;CVE-2022-39285", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51071.py" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59", "reference_id": "d289eb48601a76e34feea3c1683955337b1fae59", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H" }, { "value": "Track", "scoring_system": 
"ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433", "reference_id": "GHSA-h6xp-cvwv-q433", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433" }, { "reference_url": "http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html", "reference_id": "Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/" } ], "url": "http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994887?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1" } ], "aliases": [ "CVE-2022-39285" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vc9-wfjb-t3ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95454?format=api", "vulnerability_id": "VCID-95ub-6q5w-p3cm", "summary": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26039", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.9061", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.90598", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.90504", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.90514", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.9052", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.90533", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.90539", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.90547", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.90541", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.90559", "published_at": "2026-04-16T12:55:00Z" }, { 
"value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.90558", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.90557", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.90571", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.90572", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.90568", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05839", "scoring_system": "epss", "scoring_elements": "0.9058", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26039" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26039", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26039" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g", "reference_id": "GHSA-44q8-h2pw-cc9g", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:56:57Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994887?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1" } ], "aliases": [ "CVE-2023-26039" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95ub-6q5w-p3cm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95253?format=api", "vulnerability_id": "VCID-9kh5-715y-pud4", "summary": "ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. 
There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39290", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88506", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88464", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88476", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88492", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88392", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88401", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88405", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88425", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88431", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88442", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88434", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88433", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88448", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88445", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88459", "published_at": 
"2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39290" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565", "reference_id": "1021565", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d", "reference_id": "c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:55Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q", "reference_id": "GHSA-xgv6-qv6c-399q", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:55Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q" }, { "reference_url": "http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html", "reference_id": "Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:55Z/" } ], "url": "http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994887?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1" } ], "aliases": [ "CVE-2022-39290" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kh5-715y-pud4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95449?format=api", "vulnerability_id": "VCID-d117-rhnc-rkhf", "summary": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter[Query][terms][0][attr]` query string parameter of the `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. 
The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26034", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02063", "scoring_system": "epss", "scoring_elements": "0.84029", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02063", "scoring_system": "epss", "scoring_elements": "0.84046", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02063", "scoring_system": "epss", "scoring_elements": "0.83947", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02063", "scoring_system": "epss", "scoring_elements": "0.83973", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02063", "scoring_system": "epss", "scoring_elements": "0.8398", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02063", "scoring_system": "epss", "scoring_elements": "0.83985", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02063", "scoring_system": "epss", "scoring_elements": "0.84007", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02352", "scoring_system": "epss", "scoring_elements": "0.84842", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02352", "scoring_system": "epss", "scoring_elements": "0.84924", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02352", "scoring_system": "epss", "scoring_elements": "0.84925", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02352", "scoring_system": "epss", "scoring_elements": "0.84902", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02352", "scoring_system": "epss", "scoring_elements": "0.8486", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02352", "scoring_system": "epss", "scoring_elements": "0.84861", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02352", "scoring_system": "epss", "scoring_elements": "0.84884", "published_at": "2026-04-08T12:55:00Z" }, { "value": 
"0.02352", "scoring_system": "epss", "scoring_elements": "0.84891", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02352", "scoring_system": "epss", "scoring_elements": "0.8491", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02352", "scoring_system": "epss", "scoring_elements": "0.84908", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26034" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26034", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26034" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-222j-wh8m-xjrx", "reference_id": "GHSA-222j-wh8m-xjrx", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:00:55Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-222j-wh8m-xjrx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994887?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1" } ], "aliases": [ "CVE-2023-26034" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d117-rhnc-rkhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95451?format=api", "vulnerability_id": "VCID-fyy1-fwys-xkbj", "summary": "ZoneMinder is a 
free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however detaintPath does not properly sandbox the path. This can be exploited by constructing paths like \"..././\", which get replaced by \"../\". This issue is patched in versions 1.36.33 and 1.37.33.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26036", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61844", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61781", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61699", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61729", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.617", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61749", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61764", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61786", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61773", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61754", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": 
"0.61796", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61802", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61785", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.6178", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61798", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61791", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61734", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26036" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26036", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26036" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h5m9-6jjc-cgmw", "reference_id": "GHSA-h5m9-6jjc-cgmw", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:00:52Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h5m9-6jjc-cgmw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994887?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1" } ], "aliases": [ "CVE-2023-26036" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fyy1-fwys-xkbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95447?format=api", "vulnerability_id": "VCID-j283-1m9p-13hn", "summary": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This is unescaped when viewing the logs in the web ui. This issue is patched in version 1.36.33.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25825", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53054", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53094", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53076", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53042", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53051", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53012", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.52962", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53013", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": 
"0.52996", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53021", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.52988", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53039", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53032", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53082", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53066", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53049", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53087", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25825" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/4637eaf9ea530193e0897ec48899f5638bdd6d81", "reference_id": "4637eaf9ea530193e0897ec48899f5638bdd6d81", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/4637eaf9ea530193e0897ec48899f5638bdd6d81" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/57bf25d39f12d620693f26068b8441b4f3f0b6c0", "reference_id": 
"57bf25d39f12d620693f26068b8441b4f3f0b6c0", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/57bf25d39f12d620693f26068b8441b4f3f0b6c0" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/e1028c1d7f23cc1e0941b7b37bb6ae5a04364308", "reference_id": "e1028c1d7f23cc1e0941b7b37bb6ae5a04364308", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/e1028c1d7f23cc1e0941b7b37bb6ae5a04364308" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-68vf-g4qm-jr6v", "reference_id": "GHSA-68vf-g4qm-jr6v", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-68vf-g4qm-jr6v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994887?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1" } ], 
"aliases": [ "CVE-2023-25825" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j283-1m9p-13hn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95254?format=api", "vulnerability_id": "VCID-jukn-h868-5ugm", "summary": "ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with \"View\" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the \"/zm/index.php\" endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91778", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91732", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91748", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91741", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91742", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91747", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91745", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91743", "published_at": "2026-04-29T12:55:00Z" }, { 
"value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91756", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91768", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91694", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91699", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91707", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.9172", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91727", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.9173", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39291" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565", "reference_id": "1021565", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4", "reference_id": "34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/" } ], "url": 
"https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c", "reference_id": "73d9f2482cdcb238506388798d3cf92546f9e40c", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b", "reference_id": "cb3fc5907da21a5111ae54128a5d0b49ae755e9b", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408", "reference_id": "de2866f9574a2bf2690276fad53c91d607825408", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74", "reference_id": "GHSA-cfcx-v52x-jh74", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74" }, { "reference_url": "http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html", "reference_id": "Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/" } ], "url": "http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994887?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1" } ], "aliases": [ "CVE-2022-39291" ], "risk_score": 9.8, "exploitability": "2.0", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jukn-h868-5ugm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95140?format=api", "vulnerability_id": "VCID-kk5d-y2z8-r3g2", "summary": "ZoneMinder before 1.36.13 allows remote code execution via an invalid language. 
Ability to create a debug log file at an arbitrary pathname contributes to exploitability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29806", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70724", "scoring_system": "epss", "scoring_elements": "0.9871", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.70724", "scoring_system": "epss", "scoring_elements": "0.98713", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.70724", "scoring_system": "epss", "scoring_elements": "0.98716", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.77125", "scoring_system": "epss", "scoring_elements": "0.98966", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.77125", "scoring_system": "epss", "scoring_elements": "0.98967", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.77125", "scoring_system": "epss", "scoring_elements": "0.98968", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.77125", "scoring_system": "epss", "scoring_elements": "0.9896", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.77125", "scoring_system": "epss", "scoring_elements": "0.98971", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.77125", "scoring_system": "epss", "scoring_elements": "0.98975", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.77125", "scoring_system": "epss", "scoring_elements": "0.98977", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.77125", "scoring_system": "epss", "scoring_elements": "0.9897", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.77125", "scoring_system": "epss", "scoring_elements": "0.98962", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.77125", "scoring_system": "epss", "scoring_elements": "0.98964", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29806", "reference_id": "", "reference_type": 
"", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29806" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994887?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1" } ], "aliases": [ "CVE-2022-29806" ], "risk_score": 1.4, "exploitability": "2.0", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kk5d-y2z8-r3g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95453?format=api", "vulnerability_id": "VCID-mk5h-586t-pyga", "summary": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. 
This issue is patched in versions 1.36.33 and 1.37.33.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26038", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48098", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48075", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48124", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48145", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48095", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48148", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48143", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48167", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.4814", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48151", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48203", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48198", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48154", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48133", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48144", "published_at": 
"2026-04-26T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48089", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48009", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26038" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26038", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26038" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w", "reference_id": "GHSA-wrx3-r8c4-r24w", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:50Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994887?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1" } ], "aliases": [ "CVE-2023-26038" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mk5h-586t-pyga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95448?format=api", "vulnerability_id": "VCID-n8y3-5fb9-kucb", "summary": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which 
supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious JSON web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26032", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72461", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72435", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72287", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72306", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72283", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72322", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72334", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72357", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.7234", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72328", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.7237", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72379", "published_at": 
"2026-04-18T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72367", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.7241", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72419", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72415", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72406", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26032" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9", "reference_id": "GHSA-6c72-q9mw-mwx9", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:57:37Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994887?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1" } ], "aliases": [ "CVE-2023-26032" ], "risk_score": 4.0, "exploitability": 
"0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n8y3-5fb9-kucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95452?format=api", "vulnerability_id": "VCID-tyu6-8h17-8yh5", "summary": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26037", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72461", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72435", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72287", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72306", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72283", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72322", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72334", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72357", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.7234", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72328", "published_at": "2026-04-13T12:55:00Z" }, { "value": 
"0.00714", "scoring_system": "epss", "scoring_elements": "0.7237", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72379", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72367", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.7241", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72419", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72415", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.72406", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26037" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26037", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26037" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733", "reference_id": "GHSA-65jp-2hj3-3733", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:57:34Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994887?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": 
"VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1" } ], "aliases": [ "CVE-2023-26037" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tyu6-8h17-8yh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95252?format=api", "vulnerability_id": "VCID-uybk-r4q9-gyac", "summary": "ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised to upgrade as soon as possible. Users unable to upgrade should disable database logging.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39289", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.59044", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58992", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58978", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58938", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58947", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58969", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58936", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58987", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", 
"scoring_elements": "0.58993", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.59013", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58994", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58975", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.5901", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39289" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39289", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39289" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565", "reference_id": "1021565", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4", "reference_id": "34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:36:54Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488", "reference_id": "GHSA-mpcx-3gvh-9488", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:36:54Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994887?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1" } ], "aliases": [ "CVE-2022-39289" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uybk-r4q9-gyac" } ], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1" }