17 matches found
SUSE CVE-2026-23921
A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...
CVE-2026-23921
A flaw was found in Zabbix. A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in the API service. This vulnerability allows an attacker to execute arbitrary SQL selects and exfiltrate sensitive database data through time-based techniques. This could...
CVE-2026-23921
A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...
Astra Linux – Vulnerability in Zabbix
The Zabbix API’s user.get method returns all users that share a common group with the calling user. This includes media and other information, such as login attempts, etc...
SUSE CVE-2025-27236
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...
EUVD-2025-29034
Malicious code in bioql PyPI...
CVE-2025-27236
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...
DEBIAN-CVE-2025-27236
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...
CVE-2025-27236 User information disclosure via api_jsonrpc.php on method user.get with param search
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...
CVE-2025-27236
CVE-2025-27236 describes an information-disclosure vulnerability in Zabbix API. A regular Zabbix user can use user.get (via api_jsonrpc.php) to search for other users within their user group and retrieve fields that the requester should not access, enabling data-mining of restricted field values....
PT-2025-40513
Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified). Description: A regular user can search for other users within their user group through the Zabbix API and access fields they are not authorized to view. This enables the extraction of data from fields the...
CVE-2025-27238
Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them...
The vulnerability in the Zabbix UI of the IT infrastructure monitoring system allows a perpetrator to increase their privileges within the system and execute arbitrary code.
The vulnerability in the Zabbix UI of the IT infrastructure monitoring system is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to enhance their privileges within the system and execute arbitrary code...
SUSE CVE-2024-42325
Zabbix API user.get returns all users that share a common group with the calling user. This includes media and other information, such as login attempts, etc...
DEBIAN-CVE-2024-42325
Zabbix API user.get returns all users that share a common group with the calling user. This includes media and other information, such as login attempts, etc...
UBUNTU-CVE-2024-42325
Zabbix API user.get returns all users that share a common group with the calling user. This includes media and other information, such as login attempts, etc...
Vulnerability in the universal monitoring system interface of Zabbix that allows attackers to perform cross-site scripting attacks
The vulnerability of the Zabbix monitoring system’s universal interface is related to insufficient validation of input data during the processing of the URL fields in the Maps elements. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...