CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

Tenable Nessus•added 2026/04/02 12:0 a.m.•3 views

Zabbix 6.0.x < 6.0.41 / 7.0.x < 7.0.17 / 7.2.x < 7.2.11 Information Disclosure (ZBX-27060)

The version of Zabbix Server installed on the remote host is affected by a vulnerability. A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access...

6.5CVSS6AI score0.00043EPSS

Exploits0References2

Vulnrichment•added 2026/03/24 6:28 p.m.•3 views

CVE-2026-23921 Blind, read-only SQL injection in Zabbix API via sortfield parameter

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...

8.7CVSS6.1AI score0.00045EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2014-1756

Malware in sbrugna...

4CVSS6.1AI score0.00252EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2010-1306

Malware in sbrugna...

7.5CVSS6.1AI score0.01516EPSS

Exploits1References10

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-54347

Malicious code in bioql PyPI...

2.1CVSS4.7AI score0.00053EPSS

Exploits0References1

NVD•added 2025/10/03 12:15 p.m.•4 views

CVE-2025-27236

A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...

6.5CVSS0.00043EPSS

Exploits0References1

Tenable Nessus•added 2025/09/14 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2025-27238

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them. CVE-2025-27238 No...

3.5CVSS5.8AI score0.00032EPSS

Exploits0References2

OSV•added 2025/09/12 11:15 a.m.•3 views

UBUNTU-CVE-2025-27238

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them...

3.5CVSS5.8AI score0.00032EPSS

Exploits0References3

CVE•added 2025/09/12 10:33 a.m.•17 views

CVE-2025-27238

CVE-2025-27238 is due to a bug in the Zabbix API where hostprototype.get incorrectly lists all host prototypes to users who have no user groups assigned. The issue arises from the API’s handling of authorization, potentially exposing prototype data to unauthorized users. Connected sources corrobo...

3.5CVSS6.4AI score0.00032EPSS

Exploits0References1Affected Software1

Tenable Nessus•added 2025/08/27 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2024-42325

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc...

3.5CVSS5.8AI score0.00053EPSS

Exploits0References3

NVD•added 2025/04/02 7:15 a.m.•11 views

CVE-2024-42325