
zabbix

116 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-49643
>= 6.0.0 and < 6.0.42
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially cr
6.5 MEDIUM
CVE-2025-27232
>= 7.4.0 and < 7.4.3
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to p
4.9 MEDIUM
CVE-2025-49641
>= 6.0.0 and < 6.0.41
A regular Zabbix user with no permission to the Monitoring - Problems view is still able to call the problem.view.refresh action a
4.3 MEDIUM
CVE-2025-27236
>= 6.0.38 and < 6.0.41
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to
6.5 MEDIUM
CVE-2025-27231
>= 6.0.0 and < 6.0.41
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rog
4.9 MEDIUM
CVE-2025-27240
>= 6.0.0 and < 6.0.34
A Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' fi
7.2 HIGH
CVE-2025-27238
>= 7.0.0 and < 7.0.14
Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assig
3.5 LOW
CVE-2024-45700
>= 6.0.0 and < 6.0.39
Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted
6.5 MEDIUM
CVE-2024-45699
>= 6.0.0 and < 6.0.37
The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This
5.4 MEDIUM
CVE-2024-42325
>= 5.0.0 and < 5.0.46
Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, su
3.5 LOW
CVE-2024-36469
>= 5.0.0 and < 5.0.46
Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.
3.1 LOW
CVE-2024-36465
>= 7.0.0 and <= 7.0.7
A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php t
8.8 HIGH
CVE-2024-36466
>= 6.0.0 and < 6.0.32
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions
8.8 HIGH
CVE-2024-36464
>= 6.0.0 and < 6.0.30
When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and
2.7 LOW
CVE-2024-42333
>= 6.0.0 and < 6.0.34
The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/li
2.7 LOW
CVE-2024-42332
>= 6.0.0 and < 6.0.35
The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional line
3.7 LOW
CVE-2024-42331
>= 7.0.0 and < 7.0.4
In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. T
3.3 LOW
CVE-2024-42330
>= 5.0.0 and < 5.4.6
The HttpRequest object allows retrieving the HTTP headers from the server's response after sending the request. The problem is that th
9.1 CRITICAL
CVE-2024-42329
>= 7.0.0 and < 7.0.4
The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. Bu
3.3 LOW
CVE-2024-42328
>= 7.0.0 and < 7.0.4
When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only
3.3 LOW
CVE-2024-42327
>= 6.0.0 and < 6.0.32
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can explo
9.9 CRITICAL
CVE-2024-42326
>= 7.0.0 and < 7.0.3
A use-after-free bug was discovered in browser.c in the es_browser_get_variant function.
4.4 MEDIUM
CVE-2024-36468
>= 7.0.0 and < 7.0.3
The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/prox
3.0 LOW
CVE-2024-36467
>= 5.0.0 and < 5.0.43
An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update
7.5 HIGH
CVE-2024-36463
>= 5.0.0 and < 5.0.43
The implementation of atob in "Zabbix JS" allows creating a string with arbitrary content and using it to access internal propertie
6.5 MEDIUM
CVE-2024-22117
>= 5.0.0 and < 5.0.44
When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retr
2.2 LOW
CVE-2024-36462
all versions
Uncontrolled resource consumption refers to a software vulnerability where an attacker or system uses excessive resources, such as
7.5 HIGH
CVE-2024-36461
>= 6.0.0 and <= 6.0.30
Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.
9.1 CRITICAL
CVE-2024-36460
>= 5.0.0 and <= 5.0.42
The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.
8.1 HIGH
CVE-2024-22123
>= 5.0.0 and <= 5.0.42
Setting SMS media allows setting a GSM modem file. Later this file is used as a Linux device. But because everything is a file on Linux, i
2.7 LOW
CVE-2024-22122
>= 5.0.0 and <= 5.0.42
Zabbix allows configuring SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Nu
3.0 LOW
CVE-2024-22121
>= 5.0.0 and <= 5.0.42
A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and ava
6.1 MEDIUM
CVE-2024-22116
>= 6.4.9 and <= 6.4.15
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. T
9.9 CRITICAL
CVE-2024-22114
>= 5.0.0 and <= 5.0.42
User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in
4.3 MEDIUM
CVE-2024-22120
>= 6.0.0 and < 6.0.28
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log"
9.1 CRITICAL
CVE-2024-22119
>= 5.0.0 and < 5.0.40
The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.
5.5 MEDIUM
CVE-2023-32728
>= 5.0.0 and <= 5.0.38
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possi
4.6 MEDIUM
CVE-2023-32727
>= 4.0.0 and <= 4.0.49
An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside i
6.8 MEDIUM
CVE-2023-32726
>= 5.0.0 and <= 5.0.39
The vulnerability is caused by an improper check of whether RDLENGTH overflows the buffer in the response from the DNS server.
3.9 LOW
CVE-2023-32725
>= 6.0.0 and <= 6.0.21
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received s
9.6 CRITICAL
CVE-2023-32724
>= 5.0.0 and <= 5.0.36
A memory pointer is held in a property of the Duktape object. This leads to multiple vulnerabilities related to direct memory access and
9.1 CRITICAL
CVE-2023-32723
>= 4.0.0 and < 4.0.19
Request to LDAP is sent before user permissions are checked.
8.5 HIGH
CVE-2023-32722
>= 6.0.0 and <= 6.0.20
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
9.6 CRITICAL
CVE-2023-32721
>= 4.0.0 and <= 4.0.47
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.
7.6 HIGH
CVE-2023-29453
>= 5.0.0 and < 5.0.35
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks ar
9.8 CRITICAL
CVE-2023-30958
< 6.225.0
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP we
4.7 MEDIUM
CVE-2023-29458
all versions
Duktape is a third-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many valu
5.9 MEDIUM
CVE-2023-29457
>= 4.0.0 and <= 4.0.45
Reflected XSS attacks occur when a malicious script is reflected off a web application to the victim's browser. The script can be
6.3 MEDIUM
CVE-2023-29456
>= 4.0.0 and <= 4.0.46
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can
5.7 MEDIUM
CVE-2023-29455
>= 4.0.0 and <= 4.0.45
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to t
5.4 MEDIUM
CVE-2023-29454
>= 4.0.0 and <= 4.0.45
Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application
5.4 MEDIUM
CVE-2023-29452
>= 6.0.0 and <= 6.0.17
Currently, geomap configuration (Administration - General - Geographical maps) allows using HTML in the field “Attribution text
5.5 MEDIUM
CVE-2023-29451
<= 6.0.14
Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix
4.7 MEDIUM
CVE-2023-29450
<= 5.0.33
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbi
8.5 HIGH
CVE-2023-29449
<= 5.0.31
JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/
5.9 MEDIUM
CVE-2022-46768
< 6.0.12
Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service doe
5.9 MEDIUM
CVE-2022-43516
>= 6.0.10 and < 6.0.12
A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows F
6.5 MEDIUM
CVE-2022-43515
>= 4.0.0 and <= 4.0.44
Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can a
5.3 MEDIUM
CVE-2022-40626
>= 6.0.0 and <= 6.0.6
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authent
4.8 MEDIUM
CVE-2022-35230
< 5.0.25
An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. T
3.7 LOW
CVE-2022-35229
< 4.0.0
An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users
3.7 LOW
CVE-2022-24919
>= 4.0.0 and <= 4.0.38
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. Th
3.7 LOW
CVE-2022-24918
>= 5.0.0 and <= 5.0.20
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The
3.7 LOW
CVE-2022-24917
>= 4.0.0 and <= 4.0.38
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users.
3.7 LOW
CVE-2022-24349
>= 4.0.0 and <= 4.0.38
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious cod
4.6 MEDIUM
CVE-2021-46088
>= 4.0.0 and <= 4.0.34
Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS are vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able
7.2 HIGH
CVE-2022-23134
>= 5.4.0 and <= 5.4.8
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticat
3.7 LOW
CVE-2022-23133
>= 5.0.0 and <= 5.0.18
An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. W
6.3 MEDIUM
CVE-2022-23132
>= 4.0.0 and <= 4.0.36
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In
3.3 LOW
CVE-2022-23131
>= 5.4.0 and <= 5.4.8
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious a
9.1 CRITICAL
CVE-2022-22704
< 5.4.9
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorr
9.8 CRITICAL
CVE-2021-27927
>= 4.0.0 and <= 4.0.27
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the
8.8 HIGH
CVE-2020-11800
>= 2.2.0 and < 3.0.31
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
9.8 CRITICAL
CVE-2020-15803
<= 3.0.31
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in
6.1 MEDIUM
CVE-2013-3738
all versions
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which coul
9.8 CRITICAL
CVE-2013-3628
all versions
Zabbix 2.0.9 has an arbitrary command execution vulnerability.
8.8 HIGH
CVE-2013-5743
>= 1.8 and <= 1.8.17
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
9.8 CRITICAL
CVE-2013-7484
all versions
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
7.5 HIGH
CVE-2019-17382
<= 4.4
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login
9.1 CRITICAL
CVE-2019-15132
<= 4.0.26
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based o
5.3 MEDIUM
CVE-2016-10742
<= 2.2.20
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open r
6.1 MEDIUM
CVE-2018-18289
< 1.1.15
The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows attackers to read arbitrary files.
7.5 HIGH
CVE-2017-2825
>= 2.4.0 and <= 2.4.8
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resultin
7.0 HIGH
CVE-2017-2826
all versions
An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig pr
3.7 LOW
CVE-2014-3005
all versions
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x
9.8 CRITICAL
CVE-2017-2824
all versions
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafte
8.1 HIGH
CVE-2016-10134
<= 2.2.13
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands
9.8 CRITICAL
CVE-2016-4338
all versions
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13
8.1 HIGH
CVE-2014-9450
<= 1.8.21
Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x be
CVE-2014-1685
<= 1.8.19
The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to m
CVE-2014-1682
<= 1.8.19
The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof a
CVE-2012-6086
all versions
libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set th
CVE-2013-6824
<= 1.8.18
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitra
CVE-2013-1364
<= 1.8.15
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via
CVE-2013-5572
all versions
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and read
CVE-2012-3435
<= 1.8.15
SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remo
CVE-2011-5027
<= 1.8.10
Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML vi
CVE-2011-4615
<= 1.8.10
Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script
CVE-2011-4674
all versions
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attack
CVE-2010-5049
<= 1.8.1
SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands vi
CVE-2011-3265
<= 1.8.6
popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl p
CVE-2011-3264
<= 1.8.5
Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which r
CVE-2011-3263
<= 1.8.5
zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service (CPU c
CVE-2011-2904
<= 1.8.5
Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix before 1.8.6 allows remote attackers to inject arbitrary web scri
CVE-2010-2790
<= 1.8.2
Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in
CVE-2010-1277
all versions
SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execu
CVE-2009-4502
<= 1.6.6
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to
CVE-2009-4501
<= 1.6.7
The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of
CVE-2009-4500
<= 1.4.6
The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service
CVE-2009-4499
<= 1.6.7
SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows r
CVE-2009-4498
<= 1.7.4
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted
CVE-2008-1353
all versions
zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple v
CVE-2007-6210
all versions
zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileg
CVE-2007-0640
<= 1.1.4
Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."
CVE-2006-6693
all versions
Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly
CVE-2006-6692
all versions
Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash)
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin