CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux – Vulnerability in Zabbix

In Zabbix versions 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code within this controller calls diableSIDValidation within the init method. An...

8.8CVSS7.8AI score0.01472EPSS

Exploits0References2

Vulnrichment•added 2023/10/12 6:11 a.m.•12 views

CVE-2023-32723 Inefficient permission check in class CControllerAuthenticationUpdate

Request to LDAP is sent before user permissions are checked...

8.5CVSS6.8AI score0.00561EPSS

Exploits0References2

Cvelist•added 2023/10/12 6:11 a.m.•17 views

CVE-2023-32723 Inefficient permission check in class CControllerAuthenticationUpdate

Request to LDAP is sent before user permissions are checked...

8.5CVSS9.4AI score0.00561EPSS

Exploits0References2

Veracode•added 2021/04/21 5:55 a.m.•28 views

Cross-Site Request Forgery (CSRF)

zabbix is vulnerable to cross-site request forgery CSRF. Lack of CSRF protection mechanism in the CControllerAuthenticationUpdate controller allows an attacker to submit requests on behalf of the authenticated Zabbix user...

8.8CVSS3.8AI score0.01472EPSS

Exploits0References4Affected Software1

NVD•added 2021/03/03 5:15 p.m.•16 views

CVE-2021-27927

In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init method. An...

8.8CVSS0.01472EPSS

Exploits0References2