This page lists publicly disclosed CVE vulnerabilities affecting zabbix zabbix_server (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-32727 | An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server. | [email protected] | 6.8 | 0.46% | 2023-12-18 | 2025-11-03 |
| CVE-2023-32725 | The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user. | [email protected] | 9.6 | 1.06% | 2023-12-18 | 2024-11-21 |