Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks exploit (Exp) resources and PoC availability to accurately assess exploitability. Combined with official patches and remediation strategies, it helps prioritize vulnerability management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-42327 | A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access, can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function; this function is called from the CUser.get function, which is available to every user who has API access. | 9.9 | 91.40% | 2024-11-27 | 2025-10-08 |
| CVE-2024-22116 | An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user to execute arbitrary code via the Ping script, thereby compromising infrastructure. | 9.9 | 0.53% | 2024-08-12 | 2025-11-03 |
| CVE-2023-29453 | Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply | 9.8 | 0.56% | 2023-10-12 | 2024-11-21 |
| CVE-2023-32725 | The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user. | 9.6 | 1.06% | 2023-12-18 | 2024-11-21 |
| CVE-2023-32722 | The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open. | 9.6 | 0.36% | 2023-10-12 | 2025-11-03 |
| CVE-2024-42330 | The HttpRequest object allows getting the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows the creation of internal strings that can be used to access hidden properties of objects. | 9.1 | 0.15% | 2024-11-27 | 2025-11-03 |
| CVE-2024-36461 | Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine. | 9.1 | 0.73% | 2024-08-12 | 2025-11-03 |
| CVE-2024-22120 | Zabbix server can perform command execution for configured scripts. After a command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit a time-based blind SQL injection. | 9.1 | 91.95% | 2024-05-17 | 2025-10-08 |
| CVE-2023-32724 | A memory pointer is in a property of the Duktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation. | 9.1 | 0.72% | 2023-10-12 | 2025-11-03 |
| CVE-2022-23131 KEV | In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. A malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to the Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of a Zabbix user (or use the guest account, which is disabled by default). | 9.1 | 94.05% | 2022-01-13 | 2025-10-30 |
| CVE-2024-36466 | A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions. | 8.8 | 0.25% | 2024-11-28 | 2025-10-08 |
| CVE-2026-23921 | A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data through time-based techniques, potentially leading to session identifier disclosure and administrator account compromise. | 8.7 | 0.03% | 2026-03-24 | 2026-03-25 |
| CVE-2024-36465 | A low privilege (regular) Zabbix user with API access can use an SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter. | 8.6 | 2.18% | 2025-04-02 | 2025-10-08 |
| CVE-2023-32723 | Request to LDAP is sent before user permissions are checked. | 8.5 | 0.14% | 2023-10-12 | 2024-11-21 |
| CVE-2023-29450 | JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. | 8.5 | 0.25% | 2023-07-13 | 2025-11-03 |
| CVE-2024-36460 | The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. | 8.1 | 0.41% | 2024-08-12 | 2025-11-03 |
| CVE-2026-23920 | Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands. | 7.7 | 0.05% | 2026-03-24 | 2026-03-25 |
| CVE-2023-32721 | A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before the URL. | 7.6 | 0.71% | 2023-10-12 | 2025-11-03 |
| CVE-2025-27240 | A Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field. | 7.5 | 0.06% | 2025-09-12 | 2025-10-08 |
| CVE-2024-45699 | The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser. | 7.5 | 0.14% | 2025-04-02 | 2025-11-03 |