Zabbix — Vulnerabilities & Security Advisories (83)

Browse all 83 CVE security advisories affecting Zabbix. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Zabbix is an enterprise-class open-source monitoring solution designed for real-time observation of IT infrastructure, including servers, networks, and applications. Its architecture relies on a central server, database, and agents to collect performance metrics and trigger alerts. Historically, the platform has been associated with eighty-three recorded Common Vulnerabilities and Exposures (CVEs), predominantly involving SQL injection, cross-site scripting, and remote code execution flaws. These issues often stem from insufficient input validation within the web interface or improper access controls in API endpoints. While the software itself is robust, its complexity in deployment can introduce configuration weaknesses. Notable incidents have highlighted risks related to privilege escalation and unauthorized data access, emphasizing the need for rigorous patch management. Security audits frequently recommend disabling unused modules and enforcing strict network segmentation to mitigate potential exploitation vectors inherent in its extensive feature set.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-42330 | JS - Internal strings in HTTP headers — Zabbix | CWE-134 | 9.1 | Critical | 2024-11-27 |
| CVE-2024-42329 | JS - Crash on unexpected HTTP server response — Zabbix | CWE-690 | 3.3 | Low | 2024-11-27 |
| CVE-2024-42328 | JS - Crash on empty HTTP server response — Zabbix | CWE-690 | 3.3 | Low | 2024-11-27 |
| CVE-2024-42327 | SQL injection in user.get API — Zabbix | CWE-89 | 9.9 | Critical | 2024-11-27 |
| CVE-2024-42326 | Use after free vulnerability in browser.c — Zabbix | CWE-416 | 4.4 | Medium | 2024-11-27 |
| CVE-2024-36468 | Stack buffer overflow in zbx_snmp_cache_handle_engineid — Zabbix | CWE-121 | 3.0 | Low | 2024-11-27 |
| CVE-2024-36467 | Authentication privilege escalation via user groups due to missing authorization checks — Zabbix | CWE-285 | 7.5 | High | 2024-11-27 |
| CVE-2024-36463 | Zabbix security vulnerability — Zabbix | CWE-767 | 6.5 | Medium | 2024-11-26 |
| CVE-2024-22117 | Value of sysmap_element_url can be de-synchronized causing the map element to crash when new URLs is added — Zabbix | CWE-20 | 2.2 | Low | 2024-11-26 |
| CVE-2024-22123 | Zabbix Arbitrary File Read — Zabbix | CWE-94 | 2.7 | Low | 2024-08-09 |
| CVE-2024-22116 | Remote code execution within ping script — Zabbix | CWE-94 | 9.9 | Critical | 2024-08-09 |
| CVE-2024-22114 | System Information Widget in Global View Dashboard exposes information about Hosts to Users without Permission — Zabbix | CWE-281 | 4.3 | Medium | 2024-08-09 |
| CVE-2024-36462 | Allocation of resources without limits or throttling (uncontrolled resource consumption) — Zabbix | CWE-770 | 7.5 | High | 2024-08-09 |
| CVE-2024-36461 | Direct access to memory pointers within the JS engine for modification — Zabbix | CWE-822 | 9.1 | Critical | 2024-08-09 |
| CVE-2024-36460 | Front-end audit log shows passwords in plaintext — Zabbix | CWE-256 | 8.1 | High | 2024-08-09 |
| CVE-2024-22122 | AT(GSM) Command Injection — Zabbix | CWE-77 | 3.0 | Low | 2024-08-09 |
| CVE-2024-22121 | Zabbix Agent MSI Installer Allows Non-Admin User to Access Change Option via msiexec.exe — Zabbix | CWE-281 | 6.1 | Medium | 2024-08-09 |
| CVE-2024-22120 | Time Based SQL Injection in Zabbix Server Audit Log — Zabbix | CWE-20 | 9.1 | Critical | 2024-05-17 |
| CVE-2024-22119 | Stored XSS in graph items select form — Zabbix | CWE-20 | 5.5 | Medium | 2024-02-09 |
| CVE-2023-32728 | Code injection in zabbix_agent2 smart.disk.get caused by smartctl plugin — Zabbix | CWE-20 | 4.6 | Medium | 2023-12-18 |
| CVE-2023-32727 | Code execution vulnerability in icmpping — Zabbix | CWE-20 | 6.8 | Medium | 2023-12-18 |
| CVE-2023-32726 | Possible buffer overread from reading DNS responses — Zabbix | CWE-754 | 3.9 | Low | 2023-12-18 |
| CVE-2023-32725 | Leak of zbx_session cookie when using a scheduled report that includes a dashboard with a URL widget. — Zabbix | CWE-565 | 9.6 | Critical | 2023-12-18 |
| CVE-2023-32724 | JavaScript engine memory pointers are directly available for Zabbix users for modification — Zabbix | CWE-732 | 9.1 | Critical | 2023-10-12 |
| CVE-2023-32723 | Inefficient permission check in class CControllerAuthenticationUpdate — Zabbix | CWE-732 | 8.5 | High | 2023-10-12 |
| CVE-2023-32722 | Stack-buffer Overflow in library module zbxjson — Zabbix | CWE-120 | 9.6 | Critical | 2023-10-12 |
| CVE-2023-32721 | Stored XSS in Maps element — Zabbix | CWE-20 | 7.6 | High | 2023-10-12 |
| CVE-2023-29453 | Agent 2 package are built with Go version affected by CVE-2023-24538 — Zabbix | CWE-94 | 9.8 | Critical | 2023-10-12 |
| CVE-2023-29457 | Insufficient validation of Action form input fields — Zabbix | CWE-20 | 6.3 | Medium | 2023-07-13 |
| CVE-2023-29458 | Duktape 2.6 bug crashes JavaScript putting too many values in valstack. — Zabbix | CWE-129 | 5.9 | Medium | 2023-07-13 |

This page lists every published CVE security advisory associated with Zabbix. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.