Zabbix 7.4.x < 7.4.7 Arbitrary PHP Class Instantiation (ZBX-27641)

The version of Zabbix Server installed on the remote host is affected by a vulnerability. An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time. Note that Nessus...

CVE-2026-23923

A flaw was found in Zabbix. An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. This could lead to a limited impact on the availability of the system, depending on the environment setup. Mitigation Mitigation for this issue is eithe...

CVE-2026-23923

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

CVE-2026-23923

CVE-2026-23923 : An unauthenticated attacker can abuse the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. Impact depends on environment, but appears limited; CVSS 4.0 base vector lists MEDIUM severity (6.9). No concrete exploitation details or affected product/vendor are...

CVE-2026-23923 Unauthenticated arbitrary PHP class instantiation

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

CVE-2026-23923 Unauthenticated arbitrary PHP class instantiation

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

PT-2026-27476

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated attacker can exploit the 'validate' action in the Frontend to blindly instantiate arbitrary PHP classes. The impact of this issue depends on t...

PT-2024-39763 · WordPress · Wp 2Fa With Telegram

Name of the Vulnerable Software and Affected Versions: WP 2FA with Telegram plugin for WordPress versions up to, and including, 3.0 Description: The issue is due to insufficient validation of the user-controlled key on the 'validate tg' action. This makes it possible for authenticated attackers,...

Adobe Acrobat Pro DC Text field Validate action Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

PT-2013-1900 · Red Hat · Red Hat Enterprise Virtualization Manager

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager versions 3.1 and earlier Description: The issue affects the domain management tool, specifically when the validate action is enabled, causing the administrative password to be logged to a world-readab...