Vulnerabilities in Zscaler

43 results
CVE | Severity | Title | EPSS
CVE-2024-23483 | HIGH | Local Privilege Escalation via lack of input validation | EPSS 0.7%
CVE-2023-28800 | HIGH | Output encoding missing in redrurl parameter | EPSS 0.5%
CVE-2024-23459 | HIGH | Multiple Arbitrary Creates/Overwrites by link following | EPSS 0.5%
CVE-2023-28799 | HIGH | A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would re | EPSS 0.4%
CVE-2023-28798 | MEDIUM | Out-of-bounds write to heap in pacparser | EPSS 0.4%
CVE-2024-23464 | HIGH | Zscaler bypass with administrative privileges on Windows | EPSS 0.4%
CVE-2024-23463 | HIGH | Anti-Tampering bypass via Repair App functionality | EPSS 0.4%
CVE-2025-54982 | CRITICAL | SAML 2.0 Public Key Validation Issue | EPSS 0.4%
CVE-2023-28805 | MEDIUM | ZCC on Linux privilege escalation | EPSS 0.3%
CVE-2023-28807 | MEDIUM | Bypass of ZIA domain fronting detection module through evasion technique | EPSS 0.3%
CVE-2023-28801 | CRITICAL | Improper SAML signature verification | EPSS 0.3%
CVE-2023-41973 | HIGH | Lack of input sanitization on Zscaler Client Connector enables arbitrary code execution | EPSS 0.3%
CVE-2023-41969 | HIGH | ZSATrayManager Arbitrary File Deletion | EPSS 0.3%
CVE-2024-23480 | HIGH | Insecure MacOS code sign check fallback | EPSS 0.3%
CVE-2023-28793 | HIGH | Heap Based Buffer Overflow in Library | EPSS 0.3%
CVE-2024-23482 | HIGH | ZScalerService Local Privilege Escalation | EPSS 0.3%
CVE-2023-28803 | MEDIUM | Traffic being bypassed by ZCC by configuring synthetic IP range as local network | EPSS 0.3%
CVE-2023-28804 | HIGH | Linux ZCC allows unsigned updates, allowing elevated Code Execution | EPSS 0.2%
CVE-2023-41972 | HIGH | Revert password check incorrect type validation | EPSS 0.2%
CVE-2023-28802 | MEDIUM | Disable Zscaler using machine tunnel restart | EPSS 0.2%