Astra Linux - уязвимость в zabbix

JavaScript preprocessing can be exploited by attackers to gain access to the file system read-only access on behalf of the user “zabbix” on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...

Linux Distros Unpatched Vulnerability : CVE-2026-23921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL...

PT-2026-23666

Name of the Vulnerable Software and Affected Versions Zabbix affected versions not specified Description A Zabbix user with the 'User' role and template/host write permissions can create objects using the configuration.import API. This can result in unauthorized hosts being created, leading to...

Linux Distros Unpatched Vulnerability : CVE-2025-49643

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.ph...

UBUNTU-CVE-2025-49643

An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...

CVE-2025-49643 Frontend DoS vulnerability due to asymmetric resource consumption

An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...

CVE-2025-49643

An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...

Linux Distros Unpatched Vulnerability : CVE-2025-49641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A regular Zabbix user with no permission to the Monitoring - Problems view is still able to call the problem.view.refresh action and therefore still retrieve a...

EUVD-2025-32238

Malicious code in bioql PyPI...

EUVD-2025-9502

Malicious code in bioql PyPI...

CVE-2025-49641

A regular Zabbix user with no permission to the Monitoring - Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems...

CVE-2025-49641

A regular Zabbix user with no permission to the Monitoring - Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems...

UBUNTU-CVE-2025-49641

A regular Zabbix user with no permission to the Monitoring - Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems...

Linux Distros Unpatched Vulnerability : CVE-2024-36465

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A low privilege regular Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands...

CVE-2024-42325

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc...

CVE-2024-36465

A low privilege regular Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter...

CVE-2024-36465

A low privilege regular Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter...

CVE-2024-36465

A low privilege regular Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter...

SUSE CVE-2024-42332

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attac...

DEBIAN-CVE-2024-42332

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attac...