19 matches found
Zabbix 6.0.x < 6.0.34 / 6.4.x < 6.4.19 / 7.0.x < 7.0.4 SQLi (ZBX-26986)
The version of Zabbix Server installed on the remote host is prior to 6.0.34, 6.4.19, 7.0.4. It is, therefore, affected by a SQL injection vulnerability : - A Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...
EUVD-2025-29033
Malicious code in bioql PyPI...
ROS-20250923-19
A vulnerability in the Zabbix universal monitoring system is related to insufficient cleaning of user data transmitted via the "Visible Name" field during automatic host deletion. data transmitted via the "Visible Name" field during automatic host deletion. Exploitation vulnerability could allow ...
ROS-20250923-18
Vulnerability in the Zabbix universal monitoring system is related to insufficient cleaning of user data transmitted via the "Visible name" field during automatic host deletion. data transmitted via the "Visible Name" field during automatic host deletion. Exploitation vulnerability could allow a...
ROS-20250923-23
Vulnerability in the Zabbix universal monitoring system is related to insufficient cleaning of user data transmitted via the "Visible name" field during automatic host deletion. data transmitted via the "Visible Name" field during automatic host deletion. Exploitation vulnerability could allow a...
CVE-2025-27240
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...
Linux Distros Unpatched Vulnerability : CVE-2025-27240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field. CVE-2025-27240 Note that...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the Visible name field during the autoremoval process. An attacker can execute arbitrary SQL commands by injecting malicious input into this field. Remediation Upgrade zabbix/zabbix to version 6.0.34, 6.4.19, 7.0.4 or...
CVE-2025-27240
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...
CVE-2025-27240
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...
DEBIAN-CVE-2025-27240
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...
CVE-2025-27240
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...
UBUNTU-CVE-2025-27240
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...
CVE-2025-27240
CVE-2025-27240.doc: A Zabbix Server vulnerability lets an administrator inject arbitrary SQL during autoremove of hosts by inserting malicious SQL in the ‘Visible name’ field. Affected: Zabbix Server host autoremove logic; root cause is SQL injection in the Visible name field. Impact per CVSS: hi...
CVE-2025-27240 Secondary-order SQL injection in Zabbix Server when deleting an autoregistered host
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...
CVE-2025-27240 Secondary-order SQL injection in Zabbix Server when deleting an autoregistered host
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...
Zabbix 安全漏洞
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. A security vulnerability exists in Zabbix that stems from a malicious SQL that can be inserted in the Visible name field by an...
Astra Linux – Vulnerability in Zabbix
A Zabbix administrator can inject arbitrary SQL code during the automatic removal of hosts by inserting malicious SQL statements into the 'Visible name' field...
PT-2025-37306
Name of the Vulnerable Software and Affected Versions: Zabbix affected versions not specified Description: A Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts. This is achieved by inserting malicious SQL into the Visible name field. Recommendations: At the moment, ther...