| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-23924 | Agent 2 Docker plugin arbitrary file read via Docker API injection | Zabbix | Zabbix | Medium | - | 2026-03-24 18:30:01 | Deep Dive |
| CVE-2026-23923 | Unauthenticated arbitrary PHP class instantiation | Zabbix | Zabbix | Medium | - | 2026-03-24 18:29:23 | Deep Dive |
| CVE-2026-23921 | Blind, read-only SQL injection in Zabbix API via sortfield parameter | Zabbix | Zabbix | Medium | - | 2026-03-24 18:28:41 | Deep Dive |
| CVE-2026-23920 | Host and event action script regex validation can be bypassed in certain situations, leading to potential command injection | Zabbix | Zabbix | Medium | - | 2026-03-24 18:27:53 | Deep Dive |
| CVE-2026-23919 | Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server | Zabbix | Zabbix | Medium | - | 2026-03-24 18:26:44 | Deep Dive |
| CVE-2026-23925 | Unauthorized host creation via configuration.import API by low-privilege user with write permissions | Zabbix | Zabbix | Medium | - | 2026-03-06 08:24:15 | Deep Dive |
| CVE-2025-49643 | Frontend DoS vulnerability due to asymmetric resource consumption | Zabbix | Zabbix | - | - | 2025-12-01 13:05:34 | Deep Dive |
| CVE-2025-49642 | Agent builds for AIX vulnerable to library loading hijacking | Zabbix | Zabbix | - | - | 2025-12-01 13:03:39 | Deep Dive |
| CVE-2025-27232 | Frontend arbitrary file read in oauth.authorize action | Zabbix | Zabbix | - | - | 2025-12-01 12:55:52 | Deep Dive |
| CVE-2025-49641 | Insufficient permission check for the problem.view.refresh action | Zabbix | Zabbix | Medium | - | 2025-10-03 11:29:26 | Deep Dive |
| CVE-2025-27237 | DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration | Zabbix | Zabbix | - | - | 2025-10-03 11:28:43 | Deep Dive |
| CVE-2025-27236 | User information disclosure via api_jsonrpc.php on method user.get with param search | Zabbix | Zabbix | Medium | - | 2025-10-03 11:28:10 | Deep Dive |
| CVE-2025-27231 | LDAP 'Bind password' field value can be leaked by a Zabbix Super Admin | Zabbix | Zabbix | Medium | - | 2025-10-03 11:25:14 | Deep Dive |
| CVE-2025-10630 | Regex DoS in Grafana Zabbix Plugin | Grafana | grafana-zabbix-plugin | Medium | 4.3 | 2025-09-19 09:44:15 | Deep Dive |
| CVE-2025-27240 | Secondary-order SQL injection in Zabbix Server when deleting an autoregistered host | Zabbix | Zabbix | Medium | - | 2025-09-12 10:33:46 | Deep Dive |
| CVE-2025-27238 | API hostprototype.get lists data to users with insufficient authorization. | Zabbix | Zabbix | Medium | - | 2025-09-12 10:33:18 | Deep Dive |
| CVE-2025-27233 | Zabbix Agent 2 smartctl plugin argument injection in Zabbix 6.0 and later. | Zabbix | Zabbix | Medium | - | 2025-09-12 10:32:36 | Deep Dive |
| CVE-2025-27234 | Zabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0. | Zabbix | Zabbix | Medium | - | 2025-09-12 10:31:59 | Deep Dive |
| CVE-2024-45700 | DoS vulnerability due to uncontrolled resource exhaustion | Zabbix | Zabbix | - | - | 2025-04-02 06:13:27 | Deep Dive |
| CVE-2024-45699 | Reflected XSS vulnerability in /zabbix.php?action=export.valuemaps | Zabbix | Zabbix | - | - | 2025-04-02 06:12:58 | Deep Dive |