User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-08-12
The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.
CVSS Score
5.5
EPSS Score
0.003
Published
2024-02-09
Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.
CVSS Score
9.1
EPSS Score
0.007
Published
2023-10-12
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.
CVSS Score
7.6
EPSS Score
0.007
Published
2023-10-12
Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-07-13
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.
CVSS Score
8.5
EPSS Score
0.003
Published
2023-07-13
Page 2