📦 Zabbix
by Zabbix
⚠️ Known Vulnerabilities
This CVE describes a JavaScript string encoding vulnerability in the HttpRequest object that allows attackers to create specially crafted strings that can access hidden object properties. This affects...
This CVE describes an SQL injection vulnerability in Zabbix's CUser class that allows non-admin users with API access to execute arbitrary SQL queries. Any Zabbix installation with users having defaul...
CVE-2024-36461 is a critical memory corruption vulnerability in Zabbix's JavaScript engine that allows authenticated users to directly modify memory pointers. This could lead to arbitrary code executi...
This critical vulnerability allows administrators with restricted permissions to execute arbitrary code via the Ping script in Zabbix monitoring systems. Attackers can exploit improper input escaping ...
CVE-2024-22120 is a SQL injection vulnerability in Zabbix server's audit logging functionality. Attackers can inject malicious SQL through the unsanitized 'clientip' field when scripts are executed, p...
CVE-2023-32722 is a critical buffer overflow vulnerability in Zabbix's JSON parsing module that allows remote code execution when processing malicious JSON files. This affects Zabbix servers and proxi...
CVE-2023-32724 is a critical memory corruption vulnerability in Zabbix's Duktape object that allows attackers to directly access and manipulate memory pointers. This can lead to arbitrary code execut...
This vulnerability allows unauthenticated attackers to modify session data and escalate privileges to admin access in Zabbix Frontend when SAML SSO authentication is enabled. It affects Zabbix instanc...
A SQL injection vulnerability in Zabbix allows authenticated low-privilege users with API access to execute arbitrary SQL commands via the groupBy parameter. This affects Zabbix installations where re...
This vulnerability allows authenticated users with API access to escalate their privileges by adding themselves to any group, including administrative groups like Zabbix Administrators. It affects Zab...
This vulnerability in Zabbix's front-end audit log allows unauthorized viewing of plaintext passwords. Attackers with access to the audit log interface can see user passwords in clear text. This affec...
CVE-2023-32721 is a stored cross-site scripting (XSS) vulnerability in Zabbix's web application that allows attackers to inject malicious scripts into map URL fields when spaces precede the URL. This ...
This vulnerability allows attackers to exploit JavaScript pre-processing in Zabbix Server or Proxy to gain read-only file system access under the 'zabbix' user account. This can lead to unauthorized a...
This vulnerability allows authenticated Zabbix administrators to execute arbitrary shell commands on the Zabbix server, leading to full system compromise. It affects Zabbix monitoring systems running ...
This CVE describes an authorization bypass vulnerability in Zabbix where regular users without proper permissions can still access the problem viewing functionality. This allows unauthorized users to ...
A Zabbix API vulnerability allows authenticated users to search other users in their group and access restricted field values they shouldn't have permission to view. This enables data mining of sensit...
This CVE describes a reflected Cross-Site Scripting (XSS) vulnerability in Zabbix's /zabbix.php endpoint that allows attackers to inject malicious JavaScript via the backurl parameter. When exploited,...
A use-after-free vulnerability in Zabbix's browser.c es_browser_get_variant function could allow memory corruption. This affects Zabbix installations where the vulnerable component is accessible, pote...
This vulnerability in Zabbix's JavaScript implementation allows attackers to manipulate the atob function to create arbitrary strings and access internal object properties. This affects Zabbix web fro...
This CVE describes an information disclosure vulnerability in Zabbix where unauthenticated users can access host statistics through the System Information Widget. This affects Zabbix installations wit...