CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux - уязвимость в zabbix

JavaScript preprocessing can be exploited by attackers to gain access to the file system read-only access on behalf of the user “zabbix” on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...

8.5CVSS7.1AI score0.00309EPSS

6.5CVSS6AI score0.00043EPSS

Zabbix 6.0.x < 6.0.41 / 7.0.x < 7.0.17 / 7.2.x < 7.2.11 Information Disclosure (ZBX-27060)

The version of Zabbix Server installed on the remote host is affected by a vulnerability. A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access...

6.9CVSS6.1AI score0.0011EPSS

Zabbix 7.4.x < 7.4.7 Arbitrary PHP Class Instantiation (ZBX-27641)

The version of Zabbix Server installed on the remote host is affected by a vulnerability. An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time. Note that Nessus...

8.7CVSS6.1AI score0.0007EPSS

Zabbix 7.0.x < 7.0.22 / 7.2.x < 7.2.15 / 7.4.x < 7.4.6 Multiple Vulnerabilities (ZBX-27639)

The version of Zabbix Server installed on the remote host is prior to 7.0.22, 7.2.15, 7.4.6. It is, therefore, affected by multiple vulnerabilities : - A blind SQL injection vulnerability exists in the Zabbix API via the sortfield parameter in include/classes/api/CApiService.php. A low privilege...

Exploits0References3

7.5CVSS7.3AI score0.00093EPSS

Zabbix 6.0.x < 6.0.34 / 6.4.x < 6.4.19 / 7.0.x < 7.0.4 SQLi (ZBX-26986)

The version of Zabbix Server installed on the remote host is prior to 6.0.34, 6.4.19, 7.0.4. It is, therefore, affected by a SQL injection vulnerability : - A Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...

Tenable Nessus•added 2026/04/02 12:0 a.m.•0 views

Zabbix 6.0.x < 6.0.42 / 7.0.x < 7.0.19 / 7.2.x < 7.2.13 / 7.4.x < 7.4.3 DoS (ZBX-27284)

The version of Zabbix Server installed on the remote host is affected by a vulnerability. An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service. Note...

6.5CVSS6.7AI score0.00102EPSS

3.5CVSS6AI score0.00032EPSS

Zabbix 7.0.x < 7.0.14 / 7.2.x < 7.2.8 Information Disclosure (ZBX-26988)

The version of Zabbix Server installed on the remote host is affected by a vulnerability. Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them. Note that Nessus has not tested for this issue but has instead...

Tenable Nessus•added 2026/04/02 12:0 a.m.•0 views

Zabbix 7.4.x < 7.4.3 Arbitrary File Read (ZBX-27282)

The version of Zabbix Server installed on the remote host is affected by a vulnerability. An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss. Note that Nessus has not tested for this issue...

6.8CVSS6.1AI score0.00037EPSS

RedhatCVE•added 2026/03/24 8:26 p.m.•3 views

CVE-2026-23919

A flaw was found in Zabbix Server and Proxy. This vulnerability arises from the system's reuse of JavaScript Duktape contexts, which are execution environments for JavaScript code. A regular Zabbix administrator, even without superuser privileges, can exploit this to access and leak sensitive dat...

7.1CVSS5.7AI score0.0003EPSS

NVD•added 2026/03/24 7:16 p.m.•1 views

CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

7.1CVSS0.0003EPSS

OSV•added 2026/03/24 7:16 p.m.•1 views

DEBIAN-CVE-2026-23919

7.1CVSS5.3AI score0.0003EPSS

UbuntuCve•added 2026/03/24 7:16 p.m.•1 views

CVE-2026-23919

7.1CVSS5.9AI score0.0003EPSS

Vulnrichment•added 2026/03/24 6:26 p.m.•3 views

CVE-2026-23919 Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server

7.1CVSS5.7AI score0.0003EPSS

CVE•added 2026/03/24 6:26 p.m.•9 views

CVE-2026-23919

CVE-2026-23919 affects Zabbix Server/Proxy where JavaScript (Duktape) contexts are reused for performance, potentially causing confidentiality leakage by non-super administrators who can access hosts they shouldn’t. The issue stems from shared execution contexts used by script items, JavaScript r...

7.1CVSS5.7AI score0.0003EPSS

Cvelist•added 2026/03/24 6:26 p.m.•17 views

CVE-2026-23919 Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server

7.1CVSS0.0003EPSS

RedhatCVE•added 2026/01/09 11:52 a.m.•5 views

CVE-2009-4501

The zbxgetnextfield function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service crash via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword...

5CVSS6.8AI score0.04567EPSS

RedhatCVE•added 2026/01/09 11:52 a.m.•6 views

CVE-2009-4499

SQL injection vulnerability in the gethistorylastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the sendhistorylastid function in zabbixserver/trapper/nodehistory.c...

7.5CVSS8.6AI score0.00243EPSS

RedhatCVE•added 2026/01/09 11:48 a.m.•7 views

CVE-2009-4500

The processtrap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service crash via a crafted request with data that lacks an expected : colon separator, which triggers a NULL pointer dereference...

5CVSS6.7AI score0.00734EPSS