Lucene search
K

2075 matches found

Nuclei
Nuclei
added yesterday75 views

Zabbix - SQL Injection

Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php and perform SQL injection attacks. id: CVE-2016-10134 info: name: Zabbix - SQL Injection author: princechaddha severity: critical description: Zabbix...

9.8CVSS7.3AI score0.83284EPSS
Exploits24References5
Nuclei
Nuclei
added yesterday68 views

Zabbix <=4.4 - Authentication Bypass

Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password i.e., anonymously...

9.1CVSS7AI score0.5415EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday101 views

Grafana & Zabbix Integration - Credentials Disclosure

Grafana through 7.3.4, when integrated with Zabbix, contains a credential disclosure vulnerability. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search...

9.8CVSS7AI score0.53439EPSS
Exploits1References5
Nuclei
Nuclei
added 3 days ago65 views

Zabbix Setup Configuration Authentication Bypass

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. id: CVE-2022-23134 info: name: Zabbix Setup...

5.3CVSS6.8AI score0.84657EPSS
Exploits1References5
Nuclei
Nuclei
added 2026/06/23 5:8 a.m.289 views

Zabbix - SAML SSO Authentication Bypass

When SAML SSO authentication is enabled non-default, session data can be modified by a malicious actor because a user login stored in the session was not verified. id: CVE-2022-23131 info: name: Zabbix - SAML SSO Authentication Bypass author: For3stCo1d,spac3wh1te severity: critical description:...

9.8CVSS7.5AI score0.95683EPSS
Exploits9References5
Chainguard
Chainguard
added 2026/06/08 7:18 p.m.14 views

GHSA-C2P3-7M5P-CV8X vulnerabilities

Vulnerabilities for packages: zabbix-fips...

5.4AI score
Exploits0
Chainguard
Chainguard
added 2026/06/08 7:18 p.m.12 views

GHSA-9FRC-8383-795M vulnerabilities

Vulnerabilities for packages: zabbix-fips...

5.4AI score
Exploits0
Chainguard
Chainguard
added 2026/06/08 7:18 p.m.11 views

GHSA-4QPC-3HR4-R2P4 vulnerabilities

Vulnerabilities for packages: zabbix-fips...

5.4AI score
Exploits0
Chainguard
Chainguard
added 2026/06/08 7:18 p.m.12 views

CVE-2026-45305 vulnerabilities

Vulnerabilities for packages: zabbix-fips...

5.4AI score0.00076EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/08 7:18 p.m.11 views

CVE-2026-45304 vulnerabilities

Vulnerabilities for packages: zabbix-fips...

5.4AI score0.00076EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/08 7:18 p.m.12 views

CVE-2026-45133 vulnerabilities

Vulnerabilities for packages: zabbix-fips...

5.4AI score0.00089EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/06/08 8:39 a.m.99 views

Vuln2Action-Demo

Vuln2Action-Demo This repository contains the demo video for t...

9.8CVSS8.3AI score0.83284EPSS
Exploits24
GithubExploit
GithubExploit
added 2026/05/21 10:43 p.m.97 views

bug-bounty-hunts

Bug Bounty Hunts Curated writeups and proof-of-concept materi...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Zabbix

A authenticated user can create a hosts group using the configuration with XSS payload, which will be available to other users. When XSS is stored by an authenticated malicious actor, and other users attempt to search for groups during the creation of new hosts, the XSS payload will activate,...

6.3CVSS6.2AI score0.01035EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Zabbix

A authenticated user can create a link containing reflected JavaScript code for a service page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the...

4.4CVSS5.8AI score0.01203EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Zabbix

A authenticated user can create a link containing reflected JavaScript code on its own pages and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the sa...

4.4CVSS5.2AI score0.01143EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Zabbix

Zabbix Frontend offers a feature that enables administrators to manage the installation and ensure that only certain IP addresses can access it. This way, no user will be able to access the Zabbix Frontend during maintenance, and sensitive data will be protected from being disclosed. An attacker...

9.8CVSS8.2AI score0.01207EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Zabbix

In Zabbix versions 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code within this controller calls diableSIDValidation within the init method. An...

8.8CVSS7.8AI score0.01472EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in Zabbix

The Zabbix server can execute commands for configured scripts. After the command is executed, an audit entry is added to the “Audit Log”. Since the “clientip” field is not sanitized, it is possible to inject SQL code into the “clientip” field, resulting in time-based blind SQL injection attacks...

9.1CVSS7.1AI score0.76618EPSS
Exploits5References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.24 views

Astra Linux – Vulnerability in Zabbix

The Zabbix Agent 2 item key “smart.disk.get” does not sanitize its parameters before passing them to a shell command, which may lead to a vulnerability for remote code execution...

9.8CVSS8.8AI score0.00753EPSS
Exploits0References2
Rows per page
Query Builder