Vulnerabilities in Zabbix
83 results

CVE-2022-23131 | CRITICAL | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML | EPSS 95.7% | KEV
CVE-2022-23134 | LOW | Possible view of the setup pages by unauthenticated users if config file already exists | EPSS 84.7% | KEV
CVE-2024-42327 | CRITICAL | SQL injection in user.get API | EPSS 78.8%
CVE-2024-22120 | CRITICAL | Time Based SQL Injection in Zabbix Server Audit Log | EPSS 76.6%
CVE-2013-3628 | — | Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability | EPSS 67.5%
CVE-2023-29452 | MEDIUM | Remove possibility to add html into Geomap attribution field | EPSS 62.0%
CVE-2022-46768 | MEDIUM | File name information disclosure vulnerability in Zabbix Web Service Report Generation | EPSS 47.8%
CVE-2017-2824 | — | An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of p | EPSS 26.1%
CVE-2024-36465 | HIGH | SQL injection in Zabbix API | EPSS 23.0%
CVE-2024-22122 | LOW | AT(GSM) Command Injection | EPSS 1.6%
CVE-2024-22116 | CRITICAL | Remote code execution within ping script | EPSS 1.6%
CVE-2022-43515 | MEDIUM | X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode | EPSS 1.2%
CVE-2025-27240 | HIGH | Secondary-order SQL injection in Zabbix Server when deleting an autoregistered host | EPSS 1.2%
CVE-2023-29450 | HIGH | Unauthorized limited filesystem access from preprocessing | EPSS 1.1%
CVE-2022-23133 | MEDIUM | Stored XSS in host groups configuration window in Zabbix Frontend | EPSS 1.0%
CVE-2023-29449 | MEDIUM | Limited control of resource utilization in JS preprocessing | EPSS 1.0%
CVE-2024-42330 | CRITICAL | JS - Internal strings in HTTP headers | EPSS 1.0%
CVE-2022-43516 | MEDIUM | Zabbix Agent installer adds “allow all TCP any any” firewall rule | EPSS 0.9%
CVE-2024-36462 | HIGH | Allocation of resources without limits or throttling (uncontrolled resource consumption) | EPSS 0.9%
CVE-2023-32727 | MEDIUM | Code execution vulnerability in icmpping | EPSS 0.9%