| 0 |
| url |
VCID-172p-q6d5-9ya3 |
| vulnerability_id |
VCID-172p-q6d5-9ya3 |
| summary |
Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-36469 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00125 |
| scoring_system |
epss |
| scoring_elements |
0.31394 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00125 |
| scoring_system |
epss |
| scoring_elements |
0.31826 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00125 |
| scoring_system |
epss |
| scoring_elements |
0.31791 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00125 |
| scoring_system |
epss |
| scoring_elements |
0.31823 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00125 |
| scoring_system |
epss |
| scoring_elements |
0.31803 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.00125 |
| scoring_system |
epss |
| scoring_elements |
0.31773 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.00125 |
| scoring_system |
epss |
| scoring_elements |
0.31606 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.00125 |
| scoring_system |
epss |
| scoring_elements |
0.31478 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00125 |
| scoring_system |
epss |
| scoring_elements |
0.31861 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00125 |
| scoring_system |
epss |
| scoring_elements |
0.31865 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35753 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35726 |
| published_at |
2026-04-02T12:55:00Z |
|
| 12 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35633 |
| published_at |
2026-04-07T12:55:00Z |
|
| 13 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35679 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-36469 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-36469
|
| risk_score |
0.8 |
| exploitability |
0.5 |
| weighted_severity |
1.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-172p-q6d5-9ya3 |
|
| 1 |
| url |
VCID-1xr6-n296-cyfd |
| vulnerability_id |
VCID-1xr6-n296-cyfd |
| summary |
The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-22119 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00423 |
| scoring_system |
epss |
| scoring_elements |
0.6214 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00423 |
| scoring_system |
epss |
| scoring_elements |
0.62143 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00423 |
| scoring_system |
epss |
| scoring_elements |
0.62149 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00423 |
| scoring_system |
epss |
| scoring_elements |
0.62133 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00423 |
| scoring_system |
epss |
| scoring_elements |
0.62131 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.00423 |
| scoring_system |
epss |
| scoring_elements |
0.62147 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.00423 |
| scoring_system |
epss |
| scoring_elements |
0.62042 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00423 |
| scoring_system |
epss |
| scoring_elements |
0.62074 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00423 |
| scoring_system |
epss |
| scoring_elements |
0.62043 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00423 |
| scoring_system |
epss |
| scoring_elements |
0.62093 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00423 |
| scoring_system |
epss |
| scoring_elements |
0.6211 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00423 |
| scoring_system |
epss |
| scoring_elements |
0.6213 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.00423 |
| scoring_system |
epss |
| scoring_elements |
0.6212 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.00423 |
| scoring_system |
epss |
| scoring_elements |
0.62099 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-22119 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-22119
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1xr6-n296-cyfd |
|
| 2 |
| url |
VCID-3g1d-2tvh-akh4 |
| vulnerability_id |
VCID-3g1d-2tvh-akh4 |
| summary |
Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading to a service crash. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45700 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00197 |
| scoring_system |
epss |
| scoring_elements |
0.41583 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00197 |
| scoring_system |
epss |
| scoring_elements |
0.41734 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00197 |
| scoring_system |
epss |
| scoring_elements |
0.4166 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00197 |
| scoring_system |
epss |
| scoring_elements |
0.41661 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00197 |
| scoring_system |
epss |
| scoring_elements |
0.41788 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00197 |
| scoring_system |
epss |
| scoring_elements |
0.41817 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00197 |
| scoring_system |
epss |
| scoring_elements |
0.41746 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00197 |
| scoring_system |
epss |
| scoring_elements |
0.41796 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00197 |
| scoring_system |
epss |
| scoring_elements |
0.41805 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00197 |
| scoring_system |
epss |
| scoring_elements |
0.41829 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00197 |
| scoring_system |
epss |
| scoring_elements |
0.41783 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00197 |
| scoring_system |
epss |
| scoring_elements |
0.41832 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00197 |
| scoring_system |
epss |
| scoring_elements |
0.41806 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45700 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-45700
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3g1d-2tvh-akh4 |
|
| 3 |
| url |
VCID-3qru-uxsd-e3c8 |
| vulnerability_id |
VCID-3qru-uxsd-e3c8 |
| summary |
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-22122 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00438 |
| scoring_system |
epss |
| scoring_elements |
0.6317 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00438 |
| scoring_system |
epss |
| scoring_elements |
0.63136 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00438 |
| scoring_system |
epss |
| scoring_elements |
0.63158 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00438 |
| scoring_system |
epss |
| scoring_elements |
0.63172 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00438 |
| scoring_system |
epss |
| scoring_elements |
0.6307 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00438 |
| scoring_system |
epss |
| scoring_elements |
0.631 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00438 |
| scoring_system |
epss |
| scoring_elements |
0.63064 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00438 |
| scoring_system |
epss |
| scoring_elements |
0.63116 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00438 |
| scoring_system |
epss |
| scoring_elements |
0.63133 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00438 |
| scoring_system |
epss |
| scoring_elements |
0.6315 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00438 |
| scoring_system |
epss |
| scoring_elements |
0.63135 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00438 |
| scoring_system |
epss |
| scoring_elements |
0.63113 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00438 |
| scoring_system |
epss |
| scoring_elements |
0.63148 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00438 |
| scoring_system |
epss |
| scoring_elements |
0.63155 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-22122 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-22122
|
| risk_score |
0.8 |
| exploitability |
0.5 |
| weighted_severity |
1.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3qru-uxsd-e3c8 |
|
| 4 |
| url |
VCID-464s-8ex9-kqdz |
| vulnerability_id |
VCID-464s-8ex9-kqdz |
| summary |
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-32721 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00715 |
| scoring_system |
epss |
| scoring_elements |
0.72306 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00715 |
| scoring_system |
epss |
| scoring_elements |
0.72324 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00715 |
| scoring_system |
epss |
| scoring_elements |
0.72301 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00715 |
| scoring_system |
epss |
| scoring_elements |
0.7234 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00715 |
| scoring_system |
epss |
| scoring_elements |
0.72352 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00715 |
| scoring_system |
epss |
| scoring_elements |
0.72375 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00715 |
| scoring_system |
epss |
| scoring_elements |
0.72358 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00715 |
| scoring_system |
epss |
| scoring_elements |
0.72346 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00715 |
| scoring_system |
epss |
| scoring_elements |
0.72387 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00715 |
| scoring_system |
epss |
| scoring_elements |
0.72397 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00715 |
| scoring_system |
epss |
| scoring_elements |
0.72384 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00715 |
| scoring_system |
epss |
| scoring_elements |
0.72427 |
| published_at |
2026-04-24T12:55:00Z |
|
| 12 |
| value |
0.00715 |
| scoring_system |
epss |
| scoring_elements |
0.72436 |
| published_at |
2026-04-26T12:55:00Z |
|
| 13 |
| value |
0.00715 |
| scoring_system |
epss |
| scoring_elements |
0.72432 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-32721 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-32721
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-464s-8ex9-kqdz |
|
| 5 |
| url |
VCID-4s92-5es4-yka5 |
| vulnerability_id |
VCID-4s92-5es4-yka5 |
| summary |
User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-22114 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00176 |
| scoring_system |
epss |
| scoring_elements |
0.38687 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00176 |
| scoring_system |
epss |
| scoring_elements |
0.39004 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00176 |
| scoring_system |
epss |
| scoring_elements |
0.38797 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00176 |
| scoring_system |
epss |
| scoring_elements |
0.38774 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00176 |
| scoring_system |
epss |
| scoring_elements |
0.391 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00176 |
| scoring_system |
epss |
| scoring_elements |
0.39122 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00176 |
| scoring_system |
epss |
| scoring_elements |
0.3904 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00176 |
| scoring_system |
epss |
| scoring_elements |
0.39096 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00176 |
| scoring_system |
epss |
| scoring_elements |
0.39112 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00176 |
| scoring_system |
epss |
| scoring_elements |
0.39124 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00176 |
| scoring_system |
epss |
| scoring_elements |
0.39087 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00176 |
| scoring_system |
epss |
| scoring_elements |
0.39067 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00176 |
| scoring_system |
epss |
| scoring_elements |
0.39092 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-22114 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-22114
|
| risk_score |
1.1 |
| exploitability |
0.5 |
| weighted_severity |
2.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4s92-5es4-yka5 |
|
| 6 |
| url |
VCID-4uxg-fxv7-rua8 |
| vulnerability_id |
VCID-4uxg-fxv7-rua8 |
| summary |
An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-32727 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00464 |
| scoring_system |
epss |
| scoring_elements |
0.64394 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00464 |
| scoring_system |
epss |
| scoring_elements |
0.64302 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00464 |
| scoring_system |
epss |
| scoring_elements |
0.64369 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00464 |
| scoring_system |
epss |
| scoring_elements |
0.6436 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00464 |
| scoring_system |
epss |
| scoring_elements |
0.64381 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.00464 |
| scoring_system |
epss |
| scoring_elements |
0.64331 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00464 |
| scoring_system |
epss |
| scoring_elements |
0.64287 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00464 |
| scoring_system |
epss |
| scoring_elements |
0.64335 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00464 |
| scoring_system |
epss |
| scoring_elements |
0.6435 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00464 |
| scoring_system |
epss |
| scoring_elements |
0.64363 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00464 |
| scoring_system |
epss |
| scoring_elements |
0.64351 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00464 |
| scoring_system |
epss |
| scoring_elements |
0.64322 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00464 |
| scoring_system |
epss |
| scoring_elements |
0.64358 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-32727 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-32727
|
| risk_score |
1.7 |
| exploitability |
0.5 |
| weighted_severity |
3.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4uxg-fxv7-rua8 |
|
| 7 |
| url |
VCID-547a-p94b-6fep |
| vulnerability_id |
VCID-547a-p94b-6fep |
| summary |
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-32722 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.57968 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.57972 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.58005 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.57969 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.57985 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.5799 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.57966 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.58022 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.58024 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.58041 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.58019 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.57999 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.58029 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.58028 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-32722 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-32722
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-547a-p94b-6fep |
|
| 8 |
| url |
VCID-5nmy-hdh8-xbg1 |
| vulnerability_id |
VCID-5nmy-hdh8-xbg1 |
| summary |
A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data through time-based techniques, potentially leading to session identifier disclosure and administrator account compromise. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23921 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09616 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09722 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09806 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09761 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09772 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09677 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09748 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09798 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09808 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09777 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.0976 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09645 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00039 |
| scoring_system |
epss |
| scoring_elements |
0.11435 |
| published_at |
2026-04-29T12:55:00Z |
|
| 13 |
| value |
0.00039 |
| scoring_system |
epss |
| scoring_elements |
0.11508 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23921 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-23921
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5nmy-hdh8-xbg1 |
|
| 9 |
| url |
VCID-5s7j-6aea-qucr |
| vulnerability_id |
VCID-5s7j-6aea-qucr |
| summary |
Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29454 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00646 |
| scoring_system |
epss |
| scoring_elements |
0.70673 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00646 |
| scoring_system |
epss |
| scoring_elements |
0.70654 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00807 |
| scoring_system |
epss |
| scoring_elements |
0.74251 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.00807 |
| scoring_system |
epss |
| scoring_elements |
0.74217 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00807 |
| scoring_system |
epss |
| scoring_elements |
0.74209 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.00807 |
| scoring_system |
epss |
| scoring_elements |
0.74244 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.00807 |
| scoring_system |
epss |
| scoring_elements |
0.74253 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00807 |
| scoring_system |
epss |
| scoring_elements |
0.74126 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00807 |
| scoring_system |
epss |
| scoring_elements |
0.74159 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00807 |
| scoring_system |
epss |
| scoring_elements |
0.74174 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.00807 |
| scoring_system |
epss |
| scoring_elements |
0.74195 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.00807 |
| scoring_system |
epss |
| scoring_elements |
0.74177 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.00807 |
| scoring_system |
epss |
| scoring_elements |
0.7417 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.00807 |
| scoring_system |
epss |
| scoring_elements |
0.74208 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29454 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-29454
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
4.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5s7j-6aea-qucr |
|
| 10 |
| url |
VCID-5t3e-bfve-d3he |
| vulnerability_id |
VCID-5t3e-bfve-d3he |
| summary |
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-32728 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67518 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67419 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67487 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67506 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67517 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67441 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.6742 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67471 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67485 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67508 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67495 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67461 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67497 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67509 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-32728 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-32728
|
| risk_score |
1.1 |
| exploitability |
0.5 |
| weighted_severity |
2.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5t3e-bfve-d3he |
|
| 11 |
| url |
VCID-673b-qsd3-e3hz |
| vulnerability_id |
VCID-673b-qsd3-e3hz |
| summary |
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29455 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00917 |
| scoring_system |
epss |
| scoring_elements |
0.75899 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00917 |
| scoring_system |
epss |
| scoring_elements |
0.75866 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01219 |
| scoring_system |
epss |
| scoring_elements |
0.79136 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.01219 |
| scoring_system |
epss |
| scoring_elements |
0.79082 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.01219 |
| scoring_system |
epss |
| scoring_elements |
0.79081 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.01219 |
| scoring_system |
epss |
| scoring_elements |
0.79114 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.01219 |
| scoring_system |
epss |
| scoring_elements |
0.79121 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.01219 |
| scoring_system |
epss |
| scoring_elements |
0.79028 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.01219 |
| scoring_system |
epss |
| scoring_elements |
0.79052 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.01219 |
| scoring_system |
epss |
| scoring_elements |
0.79059 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.01219 |
| scoring_system |
epss |
| scoring_elements |
0.79083 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.01219 |
| scoring_system |
epss |
| scoring_elements |
0.79068 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.01219 |
| scoring_system |
epss |
| scoring_elements |
0.79058 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.01219 |
| scoring_system |
epss |
| scoring_elements |
0.79085 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29455 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-29455
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
4.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-673b-qsd3-e3hz |
|
| 12 |
| url |
VCID-6u3x-x7qt-g3fa |
| vulnerability_id |
VCID-6u3x-x7qt-g3fa |
| summary |
JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29449 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00755 |
| scoring_system |
epss |
| scoring_elements |
0.73212 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00755 |
| scoring_system |
epss |
| scoring_elements |
0.73191 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.75096 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.75049 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.75087 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.75092 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.7498 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.75014 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.75026 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.75047 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.75015 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.75051 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.75059 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29449 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-29449
|
| risk_score |
1.5 |
| exploitability |
0.5 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6u3x-x7qt-g3fa |
|
| 13 |
| url |
VCID-76qf-8jm4-8kct |
| vulnerability_id |
VCID-76qf-8jm4-8kct |
| summary |
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-22120 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.92119 |
| scoring_system |
epss |
| scoring_elements |
0.99715 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.92119 |
| scoring_system |
epss |
| scoring_elements |
0.99714 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.92259 |
| scoring_system |
epss |
| scoring_elements |
0.99717 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.92259 |
| scoring_system |
epss |
| scoring_elements |
0.99718 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.92259 |
| scoring_system |
epss |
| scoring_elements |
0.99716 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.92259 |
| scoring_system |
epss |
| scoring_elements |
0.99719 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.92259 |
| scoring_system |
epss |
| scoring_elements |
0.99721 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-22120 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-22120
|
| risk_score |
9.0 |
| exploitability |
2.0 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-76qf-8jm4-8kct |
|
| 14 |
| url |
VCID-7bzf-3c9x-8qc4 |
| vulnerability_id |
VCID-7bzf-3c9x-8qc4 |
| summary |
An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-36467 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00241 |
| scoring_system |
epss |
| scoring_elements |
0.47359 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00241 |
| scoring_system |
epss |
| scoring_elements |
0.47425 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00241 |
| scoring_system |
epss |
| scoring_elements |
0.47366 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00241 |
| scoring_system |
epss |
| scoring_elements |
0.47339 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00241 |
| scoring_system |
epss |
| scoring_elements |
0.4736 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00241 |
| scoring_system |
epss |
| scoring_elements |
0.47308 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00241 |
| scoring_system |
epss |
| scoring_elements |
0.47363 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00241 |
| scoring_system |
epss |
| scoring_elements |
0.47384 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55627 |
| published_at |
2026-04-29T12:55:00Z |
|
| 9 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55708 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55633 |
| published_at |
2026-04-24T12:55:00Z |
|
| 11 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.5565 |
| published_at |
2026-04-26T12:55:00Z |
|
| 12 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55729 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-36467 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-36467
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7bzf-3c9x-8qc4 |
|
| 15 |
| url |
VCID-7f3g-hebk-3qad |
| vulnerability_id |
VCID-7f3g-hebk-3qad |
| summary |
In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd->browser heap pointer is freed by garbage collection. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42331 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13557 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13676 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13685 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13655 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13822 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13878 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13679 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13762 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13812 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13781 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13744 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13694 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13605 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13602 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42331 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-42331
|
| risk_score |
0.8 |
| exploitability |
0.5 |
| weighted_severity |
1.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7f3g-hebk-3qad |
|
| 16 |
| url |
VCID-7yp1-231f-a3eq |
| vulnerability_id |
VCID-7yp1-231f-a3eq |
| summary |
The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-36463 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59351 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59373 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59354 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59332 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59297 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59321 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59286 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59336 |
| published_at |
2026-04-29T12:55:00Z |
|
| 8 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59349 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59368 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59352 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59334 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59367 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-36463 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-36463
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7yp1-231f-a3eq |
|
| 17 |
| url |
VCID-9jfn-6nvg-a3b6 |
| vulnerability_id |
VCID-9jfn-6nvg-a3b6 |
| summary |
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42327 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.90724 |
| scoring_system |
epss |
| scoring_elements |
0.99621 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.90724 |
| scoring_system |
epss |
| scoring_elements |
0.99623 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.90724 |
| scoring_system |
epss |
| scoring_elements |
0.99622 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.90724 |
| scoring_system |
epss |
| scoring_elements |
0.99619 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.90724 |
| scoring_system |
epss |
| scoring_elements |
0.9962 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.91356 |
| scoring_system |
epss |
| scoring_elements |
0.99665 |
| published_at |
2026-04-29T12:55:00Z |
|
| 6 |
| value |
0.91356 |
| scoring_system |
epss |
| scoring_elements |
0.9966 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.91356 |
| scoring_system |
epss |
| scoring_elements |
0.99661 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.91356 |
| scoring_system |
epss |
| scoring_elements |
0.99664 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42327 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-42327
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9jfn-6nvg-a3b6 |
|
| 18 |
| url |
VCID-9z8h-gg7t-b7f8 |
| vulnerability_id |
VCID-9z8h-gg7t-b7f8 |
| summary |
Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-32724 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72557 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72559 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72428 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72446 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72422 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72461 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72474 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72496 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72478 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72469 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.7251 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72519 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72509 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72552 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-32724 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-32724
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9z8h-gg7t-b7f8 |
|
| 19 |
| url |
VCID-aetr-jrab-6fg5 |
| vulnerability_id |
VCID-aetr-jrab-6fg5 |
| summary |
The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42330 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38183 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38205 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38159 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38249 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38272 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38141 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38191 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38199 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38218 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45716 |
| published_at |
2026-04-29T12:55:00Z |
|
| 10 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45838 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45764 |
| published_at |
2026-04-24T12:55:00Z |
|
| 12 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45775 |
| published_at |
2026-04-26T12:55:00Z |
|
| 13 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45892 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42330 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-42330
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-aetr-jrab-6fg5 |
|
| 20 |
| url |
VCID-b8tm-2187-wkhz |
| vulnerability_id |
VCID-b8tm-2187-wkhz |
| summary |
When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-36464 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15318 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15167 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15252 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15385 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15455 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15258 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15346 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15396 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15356 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20515 |
| published_at |
2026-04-29T12:55:00Z |
|
| 10 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20663 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.2055 |
| published_at |
2026-04-24T12:55:00Z |
|
| 12 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20547 |
| published_at |
2026-04-26T12:55:00Z |
|
| 13 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20672 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-36464 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-36464
|
| risk_score |
0.7 |
| exploitability |
0.5 |
| weighted_severity |
1.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b8tm-2187-wkhz |
|
| 21 |
| url |
VCID-batr-txtv-s3cf |
| vulnerability_id |
VCID-batr-txtv-s3cf |
| summary |
Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-22123 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00402 |
| scoring_system |
epss |
| scoring_elements |
0.60847 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00402 |
| scoring_system |
epss |
| scoring_elements |
0.60826 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00402 |
| scoring_system |
epss |
| scoring_elements |
0.60852 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00402 |
| scoring_system |
epss |
| scoring_elements |
0.60757 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00402 |
| scoring_system |
epss |
| scoring_elements |
0.60786 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00402 |
| scoring_system |
epss |
| scoring_elements |
0.60751 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00402 |
| scoring_system |
epss |
| scoring_elements |
0.60799 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00402 |
| scoring_system |
epss |
| scoring_elements |
0.60815 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00402 |
| scoring_system |
epss |
| scoring_elements |
0.60836 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00402 |
| scoring_system |
epss |
| scoring_elements |
0.60823 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00402 |
| scoring_system |
epss |
| scoring_elements |
0.60804 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00413 |
| scoring_system |
epss |
| scoring_elements |
0.61534 |
| published_at |
2026-04-29T12:55:00Z |
|
| 12 |
| value |
0.00413 |
| scoring_system |
epss |
| scoring_elements |
0.61539 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-22123 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-22123
|
| risk_score |
0.7 |
| exploitability |
0.5 |
| weighted_severity |
1.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-batr-txtv-s3cf |
|
| 22 |
| url |
VCID-cdyd-79m9-pyhv |
| vulnerability_id |
VCID-cdyd-79m9-pyhv |
| summary |
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g., "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template. Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29453 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68334 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68329 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68207 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68225 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68201 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68252 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68267 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68293 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.6828 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68246 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68286 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68297 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68277 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.6832 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29453 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-29453
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
4.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cdyd-79m9-pyhv |
|
| 23 |
| url |
VCID-cuqx-wxkd-nffa |
| vulnerability_id |
VCID-cuqx-wxkd-nffa |
| summary |
Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29458 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28309 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28265 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.3183 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32038 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.3191 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32206 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32254 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32284 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32285 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32247 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32249 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32229 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32199 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29458 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-29458
|
| risk_score |
1.5 |
| exploitability |
0.5 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cuqx-wxkd-nffa |
|
| 24 |
| url |
VCID-d7uk-h423-77f5 |
| vulnerability_id |
VCID-d7uk-h423-77f5 |
| summary |
The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-32726 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.32596 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.33077 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.33109 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.3294 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.32985 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.33016 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.33019 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.32981 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.32956 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.32998 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.32976 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.32939 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.32792 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.32679 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-32726 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-32726
|
| risk_score |
1.3 |
| exploitability |
0.5 |
| weighted_severity |
2.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d7uk-h423-77f5 |
|
| 25 |
| url |
VCID-dej6-dxbp-a3bt |
| vulnerability_id |
VCID-dej6-dxbp-a3bt |
| summary |
A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-49641 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16702 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16864 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16596 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16606 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16922 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16705 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16791 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16845 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16823 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.1678 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16721 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16657 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16664 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17743 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-49641 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-49641
|
| risk_score |
1.2 |
| exploitability |
0.5 |
| weighted_severity |
2.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dej6-dxbp-a3bt |
|
| 26 |
| url |
VCID-ftt2-5jnt-9ye2 |
| vulnerability_id |
VCID-ftt2-5jnt-9ye2 |
| summary |
Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29457 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.58661 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.5864 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0049 |
| scoring_system |
epss |
| scoring_elements |
0.65616 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.0049 |
| scoring_system |
epss |
| scoring_elements |
0.65594 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.0049 |
| scoring_system |
epss |
| scoring_elements |
0.65607 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.0049 |
| scoring_system |
epss |
| scoring_elements |
0.65591 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.0049 |
| scoring_system |
epss |
| scoring_elements |
0.65606 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.0049 |
| scoring_system |
epss |
| scoring_elements |
0.65617 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.0049 |
| scoring_system |
epss |
| scoring_elements |
0.65516 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.0049 |
| scoring_system |
epss |
| scoring_elements |
0.65569 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.0049 |
| scoring_system |
epss |
| scoring_elements |
0.65581 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.0049 |
| scoring_system |
epss |
| scoring_elements |
0.656 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.0049 |
| scoring_system |
epss |
| scoring_elements |
0.65586 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.0049 |
| scoring_system |
epss |
| scoring_elements |
0.65558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29457 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-29457
|
| risk_score |
2.9 |
| exploitability |
0.5 |
| weighted_severity |
5.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ftt2-5jnt-9ye2 |
|
| 27 |
| url |
VCID-fxqr-51kp-3ber |
| vulnerability_id |
VCID-fxqr-51kp-3ber |
| summary |
For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script items, JavaScript reprocessing, Webhooks). This can lead to confidentiality loss where a regular (non-super) Zabbix administrator leaks data for hosts they do not have access to. A fix has been released that makes the built in Zabbix JavaScript objects read-only, but please be advised that usage of global JavaScript variables is not recommended because their content could be leaked. More information <a href='https://www.zabbix.com/documentation/7.4/en/manual/installation/known_issues#preprocessing-global-variables-are-unsafe'>in Zabbix documentation</a>. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23919 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05655 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05583 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.0564 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05647 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05621 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05618 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05656 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05683 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06597 |
| published_at |
2026-04-29T12:55:00Z |
|
| 9 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06722 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06719 |
| published_at |
2026-04-24T12:55:00Z |
|
| 11 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06592 |
| published_at |
2026-04-26T12:55:00Z |
|
| 12 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06572 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06564 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23919 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-23919
|
| risk_score |
1.8 |
| exploitability |
0.5 |
| weighted_severity |
3.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fxqr-51kp-3ber |
|
| 28 |
| url |
VCID-gp3f-yz9h-eqax |
| vulnerability_id |
VCID-gp3f-yz9h-eqax |
| summary |
The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-36460 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00446 |
| scoring_system |
epss |
| scoring_elements |
0.63508 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00446 |
| scoring_system |
epss |
| scoring_elements |
0.6348 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00446 |
| scoring_system |
epss |
| scoring_elements |
0.63499 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00446 |
| scoring_system |
epss |
| scoring_elements |
0.63513 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00446 |
| scoring_system |
epss |
| scoring_elements |
0.63426 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00446 |
| scoring_system |
epss |
| scoring_elements |
0.63453 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00446 |
| scoring_system |
epss |
| scoring_elements |
0.63418 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00446 |
| scoring_system |
epss |
| scoring_elements |
0.6347 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00446 |
| scoring_system |
epss |
| scoring_elements |
0.63487 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00446 |
| scoring_system |
epss |
| scoring_elements |
0.63504 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00446 |
| scoring_system |
epss |
| scoring_elements |
0.63488 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00446 |
| scoring_system |
epss |
| scoring_elements |
0.63454 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00446 |
| scoring_system |
epss |
| scoring_elements |
0.63495 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-36460 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-36460
|
| risk_score |
2.0 |
| exploitability |
0.5 |
| weighted_severity |
4.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gp3f-yz9h-eqax |
|
| 29 |
| url |
VCID-gyqk-zsww-ykdj |
| vulnerability_id |
VCID-gyqk-zsww-ykdj |
| summary |
Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29451 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29542 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29494 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.3142 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31849 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31829 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31801 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31632 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31504 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31807 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.3186 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31888 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31891 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31852 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31817 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29451 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-29451
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gyqk-zsww-ykdj |
|
| 30 |
| url |
VCID-kx3g-p2zj-duaj |
| vulnerability_id |
VCID-kx3g-p2zj-duaj |
| summary |
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29456 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31519 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31478 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.35643 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36041 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.35989 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.35762 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.3573 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36006 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36056 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36074 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36081 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36042 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36016 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36055 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29456 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-29456
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kx3g-p2zj-duaj |
|
| 31 |
| url |
VCID-mhx5-hcg2-wfc4 |
| vulnerability_id |
VCID-mhx5-hcg2-wfc4 |
| summary |
The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45699 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00211 |
| scoring_system |
epss |
| scoring_elements |
0.43417 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00211 |
| scoring_system |
epss |
| scoring_elements |
0.43566 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00211 |
| scoring_system |
epss |
| scoring_elements |
0.43496 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00211 |
| scoring_system |
epss |
| scoring_elements |
0.435 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00211 |
| scoring_system |
epss |
| scoring_elements |
0.43591 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00211 |
| scoring_system |
epss |
| scoring_elements |
0.43618 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00211 |
| scoring_system |
epss |
| scoring_elements |
0.43554 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00211 |
| scoring_system |
epss |
| scoring_elements |
0.43605 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00211 |
| scoring_system |
epss |
| scoring_elements |
0.4361 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00211 |
| scoring_system |
epss |
| scoring_elements |
0.43629 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00211 |
| scoring_system |
epss |
| scoring_elements |
0.43597 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00211 |
| scoring_system |
epss |
| scoring_elements |
0.43581 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00211 |
| scoring_system |
epss |
| scoring_elements |
0.43642 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00211 |
| scoring_system |
epss |
| scoring_elements |
0.43631 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45699 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-45699
|
| risk_score |
2.0 |
| exploitability |
0.5 |
| weighted_severity |
4.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mhx5-hcg2-wfc4 |
|
| 32 |
| url |
VCID-n5md-76wa-dbaa |
| vulnerability_id |
VCID-n5md-76wa-dbaa |
| summary |
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-27240 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.18122 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.18068 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17823 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.1903 |
| published_at |
2026-04-29T12:55:00Z |
|
| 4 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19182 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19193 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19084 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19075 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20113 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20055 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20037 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20132 |
| published_at |
2026-04-09T12:55:00Z |
|
| 12 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20158 |
| published_at |
2026-04-11T12:55:00Z |
|
| 13 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20075 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-27240 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-27240
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n5md-76wa-dbaa |
|
| 33 |
| url |
VCID-nrkb-pzcu-8ueg |
| vulnerability_id |
VCID-nrkb-pzcu-8ueg |
| summary |
Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-36461 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.72667 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.7262 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.72662 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.72671 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.72536 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.72553 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.7253 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.72568 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.7258 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.72604 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.72587 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.72576 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.72618 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00725 |
| scoring_system |
epss |
| scoring_elements |
0.72629 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-36461 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-36461
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nrkb-pzcu-8ueg |
|
| 34 |
| url |
VCID-nyhx-57xy-wugc |
| vulnerability_id |
VCID-nyhx-57xy-wugc |
| summary |
Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29452 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01801 |
| scoring_system |
epss |
| scoring_elements |
0.82757 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.01801 |
| scoring_system |
epss |
| scoring_elements |
0.82744 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01972 |
| scoring_system |
epss |
| scoring_elements |
0.83617 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.01972 |
| scoring_system |
epss |
| scoring_elements |
0.83606 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.01972 |
| scoring_system |
epss |
| scoring_elements |
0.83613 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.01972 |
| scoring_system |
epss |
| scoring_elements |
0.83507 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.01972 |
| scoring_system |
epss |
| scoring_elements |
0.83531 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.01972 |
| scoring_system |
epss |
| scoring_elements |
0.83541 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.01972 |
| scoring_system |
epss |
| scoring_elements |
0.83556 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.01972 |
| scoring_system |
epss |
| scoring_elements |
0.8355 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.01972 |
| scoring_system |
epss |
| scoring_elements |
0.83545 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.01972 |
| scoring_system |
epss |
| scoring_elements |
0.8358 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.01972 |
| scoring_system |
epss |
| scoring_elements |
0.83581 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.01972 |
| scoring_system |
epss |
| scoring_elements |
0.83582 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29452 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-29452
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nyhx-57xy-wugc |
|
| 35 |
| url |
VCID-psak-h1x6-1kca |
| vulnerability_id |
VCID-psak-h1x6-1kca |
| summary |
Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42325 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.27921 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28309 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28251 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28263 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28245 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28198 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28111 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.27999 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28348 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28352 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00124 |
| scoring_system |
epss |
| scoring_elements |
0.31776 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00124 |
| scoring_system |
epss |
| scoring_elements |
0.31731 |
| published_at |
2026-04-02T12:55:00Z |
|
| 12 |
| value |
0.00124 |
| scoring_system |
epss |
| scoring_elements |
0.31594 |
| published_at |
2026-04-07T12:55:00Z |
|
| 13 |
| value |
0.00124 |
| scoring_system |
epss |
| scoring_elements |
0.31647 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42325 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-42325
|
| risk_score |
0.9 |
| exploitability |
0.5 |
| weighted_severity |
1.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-psak-h1x6-1kca |
|
| 36 |
| url |
VCID-qzp5-px2f-vqc8 |
| vulnerability_id |
VCID-qzp5-px2f-vqc8 |
| summary |
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-27236 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14616 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14756 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14643 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14646 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14832 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14636 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14726 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14785 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14745 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14708 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14654 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14546 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14552 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.1661 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-27236 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-27236
|
| risk_score |
0.9 |
| exploitability |
0.5 |
| weighted_severity |
1.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qzp5-px2f-vqc8 |
|
| 37 |
| url |
VCID-qzzk-mcfu-sfhv |
| vulnerability_id |
VCID-qzzk-mcfu-sfhv |
| summary |
zabbix: Zabbix: Confidentiality loss via improper access control in configuration.import API |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23925 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01567 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01563 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02427 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02403 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02385 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02374 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02331 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02334 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02356 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02333 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02319 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02317 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02301 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02307 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23925 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-23925
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qzzk-mcfu-sfhv |
|
| 38 |
| url |
VCID-r65p-6wkq-sfb9 |
| vulnerability_id |
VCID-r65p-6wkq-sfb9 |
| summary |
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29450 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48684 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48662 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52339 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52389 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52428 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52434 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52366 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52376 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52321 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52374 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52369 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52419 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52403 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29450 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-29450
|
| risk_score |
3.9 |
| exploitability |
0.5 |
| weighted_severity |
7.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r65p-6wkq-sfb9 |
|
| 39 |
| url |
VCID-r8yr-aet5-yydn |
| vulnerability_id |
VCID-r8yr-aet5-yydn |
| summary |
Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23920 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16305 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16462 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16233 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.1634 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16524 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.1632 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16406 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16465 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16449 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.1641 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16349 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16285 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18628 |
| published_at |
2026-04-29T12:55:00Z |
|
| 13 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18673 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23920 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-23920
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r8yr-aet5-yydn |
|
| 40 |
| url |
VCID-ry8x-mjbp-qqct |
| vulnerability_id |
VCID-ry8x-mjbp-qqct |
| summary |
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-36466 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40537 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40555 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40585 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40565 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40592 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40513 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40564 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40574 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40593 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40556 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48747 |
| published_at |
2026-04-29T12:55:00Z |
|
| 11 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48799 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48788 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48796 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-36466 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-36466
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ry8x-mjbp-qqct |
|
| 41 |
| url |
VCID-s1mb-1gsj-pbed |
| vulnerability_id |
VCID-s1mb-1gsj-pbed |
| summary |
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-49643 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00086 |
| scoring_system |
epss |
| scoring_elements |
0.24627 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32832 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32639 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32525 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32971 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32793 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.3284 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.3287 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32871 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32936 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32806 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32848 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32825 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.3279 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-49643 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-49643
|
| risk_score |
1.5 |
| exploitability |
0.5 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s1mb-1gsj-pbed |
|
| 42 |
| url |
VCID-sudd-unuw-wqa9 |
| vulnerability_id |
VCID-sudd-unuw-wqa9 |
| summary |
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-27233 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09365 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09416 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09326 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09578 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09725 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09767 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09734 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09693 |
| published_at |
2026-04-29T12:55:00Z |
|
| 8 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10399 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10368 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10357 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10336 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.1021 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10306 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-27233 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-27233
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sudd-unuw-wqa9 |
|
| 43 |
| url |
VCID-uh37-bv9z-1bdz |
| vulnerability_id |
VCID-uh37-bv9z-1bdz |
| summary |
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-27231 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13398 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13532 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13376 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13402 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13594 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13391 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13472 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13521 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13494 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13458 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13411 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13318 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15247 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-27231 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-27231
|
| risk_score |
1.1 |
| exploitability |
0.5 |
| weighted_severity |
2.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uh37-bv9z-1bdz |
|
| 44 |
| url |
VCID-uxdf-6tyd-rucd |
| vulnerability_id |
VCID-uxdf-6tyd-rucd |
| summary |
The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42332 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62269 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62249 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62259 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62276 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.6216 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62191 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62158 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62208 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62226 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62244 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62234 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62212 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62258 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62265 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42332 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-42332
|
| risk_score |
0.9 |
| exploitability |
0.5 |
| weighted_severity |
1.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uxdf-6tyd-rucd |
|
| 45 |
| url |
VCID-vkfp-asar-7bhw |
| vulnerability_id |
VCID-vkfp-asar-7bhw |
| summary |
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-32725 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50162 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50194 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50222 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50171 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50225 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50218 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50246 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.5022 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50208 |
| published_at |
2026-04-26T12:55:00Z |
|
| 9 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50253 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50255 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50229 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50202 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-32725 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-32725
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vkfp-asar-7bhw |
|
| 46 |
| url |
VCID-wczj-cv1m-7qce |
| vulnerability_id |
VCID-wczj-cv1m-7qce |
| summary |
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-22116 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00497 |
| scoring_system |
epss |
| scoring_elements |
0.65908 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00497 |
| scoring_system |
epss |
| scoring_elements |
0.65889 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00497 |
| scoring_system |
epss |
| scoring_elements |
0.65899 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00497 |
| scoring_system |
epss |
| scoring_elements |
0.6591 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00497 |
| scoring_system |
epss |
| scoring_elements |
0.65815 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00497 |
| scoring_system |
epss |
| scoring_elements |
0.65845 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00497 |
| scoring_system |
epss |
| scoring_elements |
0.65811 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00497 |
| scoring_system |
epss |
| scoring_elements |
0.65863 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00497 |
| scoring_system |
epss |
| scoring_elements |
0.65875 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00497 |
| scoring_system |
epss |
| scoring_elements |
0.65894 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00497 |
| scoring_system |
epss |
| scoring_elements |
0.65881 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00497 |
| scoring_system |
epss |
| scoring_elements |
0.65851 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00497 |
| scoring_system |
epss |
| scoring_elements |
0.65886 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00497 |
| scoring_system |
epss |
| scoring_elements |
0.65901 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-22116 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-22116
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wczj-cv1m-7qce |
|
| 47 |
| url |
VCID-zc7p-7yts-5yae |
| vulnerability_id |
VCID-zc7p-7yts-5yae |
| summary |
The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42333 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.2673 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26682 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26673 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26826 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26866 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26652 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.2672 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.2677 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26774 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32287 |
| published_at |
2026-04-29T12:55:00Z |
|
| 10 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32641 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32486 |
| published_at |
2026-04-24T12:55:00Z |
|
| 12 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32371 |
| published_at |
2026-04-26T12:55:00Z |
|
| 13 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.3267 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42333 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-42333
|
| risk_score |
0.7 |
| exploitability |
0.5 |
| weighted_severity |
1.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zc7p-7yts-5yae |
|
| 48 |
| url |
VCID-zrfp-skzu-cbet |
| vulnerability_id |
VCID-zrfp-skzu-cbet |
| summary |
When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-22117 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.1763 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17788 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17698 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17675 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.1797 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.18024 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17723 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17811 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17871 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17887 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17844 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17795 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.1774 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.1775 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-22117 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-22117
|
| risk_score |
0.7 |
| exploitability |
0.5 |
| weighted_severity |
1.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zrfp-skzu-cbet |
|