
Zabbix — Vulnerabilities & Security Advisories (67)

All 67 CVE vulnerabilities found in Zabbix, with AI-generated Chinese analysis, references, and POCs.

Vendor: Zabbix

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-23924 | Agent 2 Docker plugin arbitrary file read via Docker API injection | CWE-88 | 6.5 | - | 2026-03-24 |
| CVE-2026-23923 | Unauthenticated arbitrary PHP class instantiation | CWE-470 | 9.8 | - | 2026-03-24 |
| CVE-2026-23921 | Blind, read-only SQL injection in Zabbix API via sortfield parameter | CWE-89 | 8.8 | - | 2026-03-24 |
| CVE-2026-23920 | Host and event action script regex validation can be bypassed in certain situations, leading to potential command injection | CWE-78 | 8.8 | - | 2026-03-24 |
| CVE-2026-23919 | Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server | CWE-488 | 2.7 | - | 2026-03-24 |
| CVE-2026-23925 | Unauthorized host creation via configuration.import API by low-privilege user with write permissions | CWE-863 | 6.5 | - | 2026-03-06 |
| CVE-2025-49643 | Frontend DoS vulnerability due to asymmetric resource consumption | CWE-405 | 6.5 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-49642 | Agent builds for AIX vulnerable to library loading hijacking | CWE-426 | 7.8 (AI) | High (AI) | 2025-12-01 |
| CVE-2025-27232 | Frontend arbitrary file read in oauth.authorize action | CWE-918 | 4.9 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-49641 | Insufficient permission check for the problem.view.refresh action | CWE-863 | 4.3 | - | 2025-10-03 |
| CVE-2025-27237 | DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration | CWE-427 | 7.8 (AI) | High (AI) | 2025-10-03 |
| CVE-2025-27236 | User information disclosure via api_jsonrpc.php on method user.get with param search | CWE-863 | 4.3 | - | 2025-10-03 |
| CVE-2025-27231 | LDAP 'Bind password' field value can be leaked by a Zabbix Super Admin | CWE-522 | 4.9 | - | 2025-10-03 |
| CVE-2025-27240 | Secondary-order SQL injection in Zabbix Server when deleting an autoregistered host | CWE-89 | 7.2 | - | 2025-09-12 |
| CVE-2025-27238 | API hostprototype.get lists data to users with insufficient authorization | - | 5.3 | - | 2025-09-12 |
| CVE-2025-27233 | Zabbix Agent 2 smartctl plugin argument injection in Zabbix 6.0 and later | CWE-77 | 6.5 | - | 2025-09-12 |
| CVE-2025-27234 | Zabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0 | CWE-78 | 9.8 | - | 2025-09-12 |
| CVE-2024-45700 | DoS vulnerability due to uncontrolled resource exhaustion | CWE-770 | 7.5 (AI) | High (AI) | 2025-04-02 |
| CVE-2024-45699 | Reflected XSS vulnerability in /zabbix.php?action=export.valuemaps | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-04-02 |
| CVE-2024-42325 | Excessive information returned by user.get | CWE-359 | 7.5 (AI) | High (AI) | 2025-04-02 |
| CVE-2024-36469 | User enumeration via timing attack in Zabbix web interface | CWE-208 | 9.4 (AI) | Critical (AI) | 2025-04-02 |
| CVE-2024-36465 | SQL injection in Zabbix API | CWE-89 | 8.8 (AI) | High (AI) | 2025-04-02 |
| CVE-2024-36466 | Unauthenticated Zabbix frontend takeover when SSO is being used | CWE-290 | 8.8 | High | 2024-11-28 |
| CVE-2024-36464 | Media Types: Office365, SMTP passwords are unencrypted and visible in plaintext when exported | CWE-256 | 2.7 | Low | 2024-11-27 |
| CVE-2024-42333 | Heap buffer over-read | CWE-126 | 2.7 | Low | 2024-11-27 |
| CVE-2024-42332 | New line injection in Zabbix SNMP traps | - | 3.7 | Low | 2024-11-27 |
| CVE-2024-42331 | Use after free in browser_push_error | CWE-416 | 3.3 | Low | 2024-11-27 |
| CVE-2024-42330 | JS - Internal strings in HTTP headers | CWE-134 | 9.1 | Critical | 2024-11-27 |
| CVE-2024-42329 | JS - Crash on unexpected HTTP server response | CWE-690 | 3.3 | Low | 2024-11-27 |
| CVE-2024-42328 | JS - Crash on empty HTTP server response | CWE-690 | 3.3 | Low | 2024-11-27 |

A CVSS score or severity marked (AI) is one the listing flags as AI-generated; "-" means the listing gives no value.
