Vulnerabilidades en Zabbix
83 resultadosCVE-2024-36469LOWUser enumeration via timing attack in Zabbix web interfaceEPSS 0.3%CVE-2024-42325LOWExcessive information returned by user.getEPSS 0.3%CVE-2025-49643MEDIUMFrontend DoS vulnerability due to asymmetric resource consumptionEPSS 0.3%CVE-2025-27232MEDIUMFrontend arbitrary file read in oauth.authorize actionEPSS 0.3%CVE-2025-27234HIGHZabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0.EPSS 0.3%CVE-2026-23923MEDIUMUnauthenticated arbitrary PHP class instantiationEPSS 0.3%CVE-2026-23928HIGHStored XSS vulnerability in the Item history/Plain text widgetEPSS 0.3%CVE-2026-23926HIGHStored XSS vulnerability in Host navigator widget maintenance tooltipEPSS 0.3%CVE-2025-49641MEDIUMInsufficient permission check for the problem.view.refresh actionEPSS 0.3%CVE-2024-42331LOWUse after free in browser_push_errorEPSS 0.3%CVE-2026-23925MEDIUMUnauthorized host creation via configuration.import API by low-privilege user with write permissionsEPSS 0.3%CVE-2026-23924MEDIUMAgent 2 Docker plugin arbitrary file read via Docker API injectionEPSS 0.3%CVE-2026-23920HIGHHost and event action script regex validation can be bypassed in certain situations, leading to potential command injectionEPSS 0.2%CVE-2024-42329LOWJS - Crash on unexpected HTTP server responseEPSS 0.2%CVE-2026-23921HIGHBlind, read-only SQL injection in Zabbix API via sortfield parameterEPSS 0.2%CVE-2024-42326MEDIUMUse after free vulnerability in browser.cEPSS 0.2%CVE-2024-42328LOWJS - Crash on empty HTTP server responseEPSS 0.2%CVE-2024-22121MEDIUMZabbix Agent MSI Installer Allows Non-Admin User to Access Change Option via msiexec.exeEPSS 0.2%CVE-2026-23927MEDIUMAgent 2 Oracle plugin TNS connection string injection via the 'service' parameterEPSS 0.2%CVE-2025-27238LOWAPI hostprototype.get lists data to users with insufficient authorization.EPSS 0.2%