Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/994478?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "type": "deb", "namespace": "debian", "name": "zabbix", "version": "1:6.0.14+dfsg-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:7.0.9+dfsg-1~bpo12+1", "latest_non_vulnerable_version": "1:7.0.9+dfsg-1~bpo12+1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96119?format=api", "vulnerability_id": "VCID-172p-q6d5-9ya3", "summary": "Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31394", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31826", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31791", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31823", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31803", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31773", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31606", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31478", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31861", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31865", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35753", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35726", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35633", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35679", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36469" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-26255", "reference_id": "ZBX-26255", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:00:32Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-26255" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-36469" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-172p-q6d5-9ya3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95948?format=api", "vulnerability_id": "VCID-1xr6-n296-cyfd", "summary": "The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22119", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.6214", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62143", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62149", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62133", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62131", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62147", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62042", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62074", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62043", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62093", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.6211", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.6213", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.6212", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62099", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22119" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22119", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22119" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00020.html", "reference_id": "msg00020.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T14:54:06Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00020.html" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-24070", "reference_id": "ZBX-24070", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T14:54:06Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-24070" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-22119" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xr6-n296-cyfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96211?format=api", "vulnerability_id": "VCID-3g1d-2tvh-akh4", "summary": "Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading to a service crash.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45700", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41583", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41734", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.4166", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41661", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41788", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41817", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41746", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41796", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41805", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41829", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41783", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41832", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41806", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45700" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45700", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45700" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-26253", "reference_id": "ZBX-26253", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T16:27:38Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-26253" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-45700" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3g1d-2tvh-akh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95949?format=api", "vulnerability_id": "VCID-3qru-uxsd-e3c8", "summary": "Zabbix allows to configure SMS notifications. AT command injection occurs on \"Zabbix Server\" because there is no validation of \"Number\" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.6317", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63136", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63158", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63172", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.6307", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.631", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63064", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63116", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63133", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.6315", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63135", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63113", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63148", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63155", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22122" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22122" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553", "reference_id": "1078553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25012", "reference_id": "ZBX-25012", "reference_type": "", "scores": [ { "value": "3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:46:40Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25012" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-22122" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qru-uxsd-e3c8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95538?format=api", "vulnerability_id": "VCID-464s-8ex9-kqdz", "summary": "A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32721", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72306", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72324", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72301", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.7234", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72352", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72375", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72358", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72346", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72387", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72397", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72384", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72427", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72436", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72432", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32721" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053877", "reference_id": "1053877", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053877" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-32721" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-464s-8ex9-kqdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95945?format=api", "vulnerability_id": "VCID-4s92-5es4-yka5", "summary": "User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22114", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38687", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39004", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38797", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38774", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.391", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39122", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.3904", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39096", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39112", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39124", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39087", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39067", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39092", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22114" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22114", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22114" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553", "reference_id": "1078553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25015", "reference_id": "ZBX-25015", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:39:48Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25015" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-22114" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4s92-5es4-yka5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95543?format=api", "vulnerability_id": "VCID-4uxg-fxv7-rua8", "summary": "An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32727", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64394", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64302", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64369", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.6436", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64381", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64331", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64287", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64335", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.6435", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64363", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64351", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64322", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64358", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32727" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-23857", "reference_id": "ZBX-23857", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T20:37:31Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-23857" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-32727" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4uxg-fxv7-rua8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95539?format=api", "vulnerability_id": "VCID-547a-p94b-6fep", "summary": "The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32722", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57968", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57972", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58005", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57969", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57985", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.5799", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57966", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58022", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58024", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58041", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58019", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57999", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58029", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58028", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32722" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053877", "reference_id": "1053877", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053877" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-23390", "reference_id": "ZBX-23390", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T15:26:49Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-23390" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-32722" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-547a-p94b-6fep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97015?format=api", "vulnerability_id": "VCID-5nmy-hdh8-xbg1", "summary": "A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data through time-based techniques, potentially leading to session identifier disclosure and administrator account compromise.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23921", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09616", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09722", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09806", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09761", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09772", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09677", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09748", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09798", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09808", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09777", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0976", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09645", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11435", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11508", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23921" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-27640", "reference_id": "ZBX-27640", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:24:25Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-27640" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-23921" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5nmy-hdh8-xbg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95496?format=api", "vulnerability_id": "VCID-5s7j-6aea-qucr", "summary": "Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29454", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70673", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70654", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74251", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74217", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74209", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74244", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74253", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74159", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74174", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74195", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74177", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.7417", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74208", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29454" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22985", "reference_id": "ZBX-22985", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T21:06:47Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22985" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29454" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5s7j-6aea-qucr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267146?format=api", "vulnerability_id": "VCID-5t3e-bfve-d3he", "summary": "The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67518", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67419", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67487", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67506", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67517", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67441", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.6742", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67471", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67485", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67508", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67495", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67461", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67497", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67509", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32728" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-23858", "reference_id": "ZBX-23858", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T20:43:15Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-23858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-32728" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5t3e-bfve-d3he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95497?format=api", "vulnerability_id": "VCID-673b-qsd3-e3hz", "summary": "Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29455", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00917", "scoring_system": "epss", "scoring_elements": "0.75899", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00917", "scoring_system": "epss", "scoring_elements": "0.75866", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79136", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79082", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79081", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79114", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79121", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79028", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79052", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79059", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79083", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79068", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79058", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79085", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29455" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29455", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29455" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22986", "reference_id": "ZBX-22986", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T21:06:45Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22986" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29455" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-673b-qsd3-e3hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95493?format=api", "vulnerability_id": "VCID-6u3x-x7qt-g3fa", "summary": "JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29449", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73212", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73191", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75096", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75049", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75087", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75092", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.7498", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75014", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75026", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75047", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75015", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75051", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75059", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29449" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22589", "reference_id": "ZBX-22589", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T16:25:49Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22589" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29449" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6u3x-x7qt-g3fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/259387?format=api", "vulnerability_id": "VCID-76qf-8jm4-8kct", "summary": "Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to \"Audit Log\". Due to \"clientip\" field is not sanitized, it is possible to injection SQL into \"clientip\" and exploit time based blind SQL injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92119", "scoring_system": "epss", "scoring_elements": "0.99715", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.92119", "scoring_system": "epss", "scoring_elements": "0.99714", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.92259", "scoring_system": "epss", "scoring_elements": "0.99717", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.92259", "scoring_system": "epss", "scoring_elements": "0.99718", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.92259", "scoring_system": "epss", "scoring_elements": "0.99716", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.92259", "scoring_system": "epss", "scoring_elements": "0.99719", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.92259", "scoring_system": "epss", "scoring_elements": "0.99721", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22120" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072120", "reference_id": "1072120", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072120" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-24505", "reference_id": "ZBX-24505", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-20T13:29:40Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-24505" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-22120" ], "risk_score": 9.0, "exploitability": "2.0", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76qf-8jm4-8kct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96118?format=api", "vulnerability_id": "VCID-7bzf-3c9x-8qc4", "summary": "An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47359", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47425", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47366", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47339", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.4736", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47308", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47363", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47384", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55627", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55708", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55633", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.5565", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55729", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36467" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689", "reference_id": "1088689", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25614", "reference_id": "ZBX-25614", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-04T04:55:25Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-36467" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7bzf-3c9x-8qc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96179?format=api", "vulnerability_id": "VCID-7f3g-hebk-3qad", "summary": "In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd->browser heap pointer is freed by garbage collection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42331", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13557", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13676", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13685", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13655", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13822", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13878", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13679", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13762", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13812", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13781", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13744", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13694", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13605", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13602", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42331" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689", "reference_id": "1088689", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25627", "reference_id": "ZBX-25627", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:55:25Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25627" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-42331" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7f3g-hebk-3qad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96116?format=api", "vulnerability_id": "VCID-7yp1-231f-a3eq", "summary": "The implementation of atob in \"Zabbix JS\" allows to create a string with arbitrary content and use it to access internal properties of objects.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59351", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59373", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59354", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59332", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59297", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59321", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59286", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59336", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59349", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59368", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59352", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59334", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59367", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36463" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36463", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36463" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25611", "reference_id": "ZBX-25611", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T16:21:34Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25611" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-36463" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7yp1-231f-a3eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204691?format=api", "vulnerability_id": "VCID-9jfn-6nvg-a3b6", "summary": "A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90724", "scoring_system": "epss", "scoring_elements": "0.99621", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.90724", "scoring_system": "epss", "scoring_elements": "0.99623", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.90724", "scoring_system": "epss", "scoring_elements": "0.99622", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.90724", "scoring_system": "epss", "scoring_elements": "0.99619", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.90724", "scoring_system": "epss", "scoring_elements": "0.9962", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.91356", "scoring_system": "epss", "scoring_elements": "0.99665", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.91356", "scoring_system": "epss", "scoring_elements": "0.9966", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.91356", "scoring_system": "epss", "scoring_elements": "0.99661", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.91356", "scoring_system": "epss", "scoring_elements": "0.99664", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42327" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689", "reference_id": "1088689", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52230.py", "reference_id": "CVE-2024-42327", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52230.py" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25623", "reference_id": "ZBX-25623", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:10:31Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25623" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-42327" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9jfn-6nvg-a3b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95541?format=api", "vulnerability_id": "VCID-9z8h-gg7t-b7f8", "summary": "Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72557", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72559", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72428", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72446", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72422", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72461", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72474", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72496", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72478", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72469", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.7251", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72519", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72509", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72552", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32724", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32724" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053877", "reference_id": "1053877", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053877" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-23391", "reference_id": "ZBX-23391", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:43:17Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-23391" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-32724" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9z8h-gg7t-b7f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96178?format=api", "vulnerability_id": "VCID-aetr-jrab-6fg5", "summary": "The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38183", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38205", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38159", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38249", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38272", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38141", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38191", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38199", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38218", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45716", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45838", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45764", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45775", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45892", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42330" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689", "reference_id": "1088689", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25626", "reference_id": "ZBX-25626", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:12:32Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25626" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-42330" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aetr-jrab-6fg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96117?format=api", "vulnerability_id": "VCID-b8tm-2187-wkhz", "summary": "When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15318", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15167", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15252", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15385", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15455", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15258", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15346", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15396", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15356", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20515", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20663", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2055", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20547", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20672", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36464" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36464", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36464" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090030", "reference_id": "1090030", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090030" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25630", "reference_id": "ZBX-25630", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:27:15Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25630" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-36464" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8tm-2187-wkhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95950?format=api", "vulnerability_id": "VCID-batr-txtv-s3cf", "summary": "Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22123", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60847", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60826", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60852", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60757", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60786", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60751", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60799", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60815", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60836", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60823", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60804", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61534", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61539", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22123" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22123", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22123" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553", "reference_id": "1078553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25013", "reference_id": "ZBX-25013", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:40:56Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25013" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-22123" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-batr-txtv-s3cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95495?format=api", "vulnerability_id": "VCID-cdyd-79m9-pyhv", "summary": "Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g., \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template. Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29453", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00559", "scoring_system": "epss", "scoring_elements": "0.68334", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00559", "scoring_system": "epss", "scoring_elements": "0.68329", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00559", "scoring_system": "epss", "scoring_elements": "0.68207", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00559", "scoring_system": "epss", "scoring_elements": "0.68225", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00559", "scoring_system": "epss", "scoring_elements": "0.68201", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00559", "scoring_system": "epss", "scoring_elements": "0.68252", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00559", "scoring_system": "epss", "scoring_elements": "0.68267", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00559", "scoring_system": "epss", "scoring_elements": "0.68293", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00559", "scoring_system": "epss", "scoring_elements": "0.6828", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00559", "scoring_system": "epss", "scoring_elements": "0.68246", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00559", "scoring_system": "epss", "scoring_elements": "0.68286", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00559", "scoring_system": "epss", "scoring_elements": "0.68297", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00559", "scoring_system": "epss", "scoring_elements": "0.68277", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00559", "scoring_system": "epss", "scoring_elements": "0.6832", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29453" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29453" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-23388", "reference_id": "ZBX-23388", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-18T15:17:42Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-23388" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29453" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdyd-79m9-pyhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95500?format=api", "vulnerability_id": "VCID-cuqx-wxkd-nffa", "summary": "Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28309", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.3183", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32038", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.3191", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32206", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32254", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32284", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32285", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32247", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32249", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32229", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32199", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29458", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29458" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22989", "reference_id": "ZBX-22989", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T16:19:37Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22989" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29458" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cuqx-wxkd-nffa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95542?format=api", "vulnerability_id": "VCID-d7uk-h423-77f5", "summary": "The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32726", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32596", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33077", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33109", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.3294", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32985", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33016", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33019", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32981", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32956", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32998", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32976", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32939", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32792", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32679", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32726" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32726", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32726" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-32726" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7uk-h423-77f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96736?format=api", "vulnerability_id": "VCID-dej6-dxbp-a3bt", "summary": "A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49641", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16702", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16864", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16596", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16606", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16922", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16705", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16791", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16845", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16823", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1678", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16721", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16657", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16664", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17743", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49641" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117448", "reference_id": "1117448", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117448" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-27063", "reference_id": "ZBX-27063", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-03T13:51:55Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-27063" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-49641" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dej6-dxbp-a3bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95499?format=api", "vulnerability_id": "VCID-ftt2-5jnt-9ye2", "summary": "Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29457", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58661", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.5864", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65616", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65594", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65607", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65591", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65606", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65617", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65516", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65569", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65581", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.656", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65586", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65558", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29457" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29457", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29457" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22988", "reference_id": "ZBX-22988", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T21:06:43Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22988" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29457" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftt2-5jnt-9ye2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97013?format=api", "vulnerability_id": "VCID-fxqr-51kp-3ber", "summary": "For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script items, JavaScript reprocessing, Webhooks). This can lead to confidentiality loss where a regular (non-super) Zabbix administrator leaks data for hosts they do not have access to. A fix has been released that makes the built in Zabbix JavaScript objects read-only, but please be advised that usage of global JavaScript variables is not recommended because their content could be leaked. More information <a href='https://www.zabbix.com/documentation/7.4/en/manual/installation/known_issues#preprocessing-global-variables-are-unsafe'>in Zabbix documentation</a>.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05655", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05583", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0564", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05647", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05621", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05618", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05656", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05683", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06597", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06722", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06719", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06592", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06572", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06564", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23919" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-27638", "reference_id": "ZBX-27638", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:36:08Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-27638" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-23919" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fxqr-51kp-3ber" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96114?format=api", "vulnerability_id": "VCID-gp3f-yz9h-eqax", "summary": "The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36460", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63508", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.6348", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63499", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63513", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63426", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63453", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63418", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.6347", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63487", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63504", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63488", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63454", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63495", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36460" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36460" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553", "reference_id": "1078553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25017", "reference_id": "ZBX-25017", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-09T15:04:09Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25017" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-36460" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gp3f-yz9h-eqax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267137?format=api", "vulnerability_id": "VCID-gyqk-zsww-ykdj", "summary": "Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29451", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29542", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29494", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.3142", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31849", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31829", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31801", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31632", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31504", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31807", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.3186", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31888", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31891", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31852", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31817", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29451" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22587", "reference_id": "ZBX-22587", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T16:25:43Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22587" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29451" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gyqk-zsww-ykdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95498?format=api", "vulnerability_id": "VCID-kx3g-p2zj-duaj", "summary": "URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29456", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00122", "scoring_system": "epss", "scoring_elements": "0.31519", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00122", "scoring_system": "epss", "scoring_elements": "0.31478", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35643", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36041", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35989", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35762", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3573", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36006", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36056", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36074", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36081", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36042", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36016", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36055", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29456" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22987", "reference_id": "ZBX-22987", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T16:19:48Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22987" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29456" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kx3g-p2zj-duaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96210?format=api", "vulnerability_id": "VCID-mhx5-hcg2-wfc4", "summary": "The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43417", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43566", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43496", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.435", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43591", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43618", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43554", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43605", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.4361", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43629", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43597", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43581", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43642", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43631", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45699" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-26254", "reference_id": "ZBX-26254", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T16:28:20Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-26254" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-45699" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhx5-hcg2-wfc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/318582?format=api", "vulnerability_id": "VCID-n5md-76wa-dbaa", "summary": "A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27240", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18122", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18068", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17823", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1903", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19182", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19193", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19084", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19075", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20113", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20055", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20037", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20132", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20158", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20075", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27240" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-26986", "reference_id": "ZBX-26986", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-13T03:55:34Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-26986" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-27240" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n5md-76wa-dbaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96115?format=api", "vulnerability_id": "VCID-nrkb-pzcu-8ueg", "summary": "Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72667", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.7262", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72662", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72671", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72536", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72553", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.7253", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72568", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.7258", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72604", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72587", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72576", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72618", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72629", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36461" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36461", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36461" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553", "reference_id": "1078553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25018", "reference_id": "ZBX-25018", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T15:21:52Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25018" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-36461" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrkb-pzcu-8ueg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/291840?format=api", "vulnerability_id": "VCID-nyhx-57xy-wugc", "summary": "Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01801", "scoring_system": "epss", "scoring_elements": "0.82757", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01801", "scoring_system": "epss", "scoring_elements": "0.82744", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01972", "scoring_system": "epss", "scoring_elements": "0.83617", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01972", "scoring_system": "epss", "scoring_elements": "0.83606", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01972", "scoring_system": "epss", "scoring_elements": "0.83613", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01972", "scoring_system": "epss", "scoring_elements": "0.83507", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01972", "scoring_system": "epss", "scoring_elements": "0.83531", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01972", "scoring_system": "epss", "scoring_elements": "0.83541", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01972", "scoring_system": "epss", "scoring_elements": "0.83556", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01972", "scoring_system": "epss", "scoring_elements": "0.8355", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01972", "scoring_system": "epss", "scoring_elements": "0.83545", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01972", "scoring_system": "epss", "scoring_elements": "0.8358", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01972", "scoring_system": "epss", "scoring_elements": "0.83581", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01972", "scoring_system": "epss", "scoring_elements": "0.83582", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29452" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22981", "reference_id": "ZBX-22981", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T16:21:55Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22981" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29452" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nyhx-57xy-wugc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96177?format=api", "vulnerability_id": "VCID-psak-h1x6-1kca", "summary": "Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27921", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28309", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28251", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28263", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28245", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28198", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28111", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27999", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28348", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28352", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31776", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31731", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31594", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31647", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42325" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-26258", "reference_id": "ZBX-26258", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T14:48:54Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-26258" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-42325" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-psak-h1x6-1kca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96580?format=api", "vulnerability_id": "VCID-qzp5-px2f-vqc8", "summary": "A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14616", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14756", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14643", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14646", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14832", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14636", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14726", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14785", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14745", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14708", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14654", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14546", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14552", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1661", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27236" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117448", "reference_id": "1117448", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117448" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-27060", "reference_id": "ZBX-27060", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-03T13:52:30Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-27060" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-27236" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qzp5-px2f-vqc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64351?format=api", "vulnerability_id": "VCID-qzzk-mcfu-sfhv", "summary": "zabbix: Zabbix: Confidentiality loss via improper access control in configuration.import API", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23925.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23925.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23925", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01567", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01563", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02427", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02403", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02385", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02374", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02331", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02334", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02356", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02333", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02319", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02317", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02301", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02307", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23925" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445155", "reference_id": "2445155", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445155" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-27567", "reference_id": "ZBX-27567", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:H/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T20:54:37Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-27567" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-23925" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qzzk-mcfu-sfhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95494?format=api", "vulnerability_id": "VCID-r65p-6wkq-sfb9", "summary": "JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user \"zabbix\") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48684", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48662", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52339", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52389", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52428", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52434", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52366", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52376", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52321", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52374", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52369", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52419", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52403", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22588", "reference_id": "ZBX-22588", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-06T14:20:54Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22588" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29450" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r65p-6wkq-sfb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97014?format=api", "vulnerability_id": "VCID-r8yr-aet5-yydn", "summary": "Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23920", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16305", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16462", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16233", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1634", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16524", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1632", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16406", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16465", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16449", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1641", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16349", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16285", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18628", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18673", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23920" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-27639", "reference_id": "ZBX-27639", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:24:03Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-27639" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-23920" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r8yr-aet5-yydn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208127?format=api", "vulnerability_id": "VCID-ry8x-mjbp-qqct", "summary": "A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36466", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40537", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40555", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40585", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40565", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40592", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40513", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40564", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40574", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40593", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40556", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48747", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48799", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48788", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48796", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36466" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25635", "reference_id": "ZBX-25635", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-04T04:55:27Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25635" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-36466" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ry8x-mjbp-qqct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96737?format=api", "vulnerability_id": "VCID-s1mb-1gsj-pbed", "summary": "An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49643", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24627", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32832", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32639", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32525", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32971", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32793", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.3284", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.3287", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32871", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32936", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32806", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32848", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32825", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.3279", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49643" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49643", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49643" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121841", "reference_id": "1121841", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121841" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-27284", "reference_id": "ZBX-27284", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T14:33:57Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-27284" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-49643" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1mb-1gsj-pbed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/318579?format=api", "vulnerability_id": "VCID-sudd-unuw-wqa9", "summary": "Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09365", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09416", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09326", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09578", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09725", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09767", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09734", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09693", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10399", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10368", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10357", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10336", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1021", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10306", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27233" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117448", "reference_id": "1117448", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117448" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-26987", "reference_id": "ZBX-26987", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T11:57:58Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-26987" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-27233" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sudd-unuw-wqa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96578?format=api", "vulnerability_id": "VCID-uh37-bv9z-1bdz", "summary": "The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13398", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13532", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13376", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13402", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13594", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13391", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13472", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13521", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13494", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13458", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13411", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13318", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15247", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27231" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117448", "reference_id": "1117448", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117448" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-27062", "reference_id": "ZBX-27062", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-03T13:55:44Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-27062" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-27231" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uh37-bv9z-1bdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96180?format=api", "vulnerability_id": "VCID-uxdf-6tyd-rucd", "summary": "The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42332", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62269", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62249", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62259", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62276", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.6216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62191", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62158", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62208", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62226", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62244", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62234", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62212", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62258", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62265", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42332" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689", "reference_id": "1088689", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25628", "reference_id": "ZBX-25628", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:54:59Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25628" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-42332" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uxdf-6tyd-rucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267145?format=api", "vulnerability_id": "VCID-vkfp-asar-7bhw", "summary": "The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50162", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50194", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50222", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50171", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50225", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50218", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50246", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.5022", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50208", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50253", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50255", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50229", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50202", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32725" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-32725" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vkfp-asar-7bhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95946?format=api", "vulnerability_id": "VCID-wczj-cv1m-7qce", "summary": "An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65908", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65889", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65899", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.6591", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65815", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65845", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65811", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65863", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65875", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65894", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65881", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65851", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65886", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65901", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22116" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553", "reference_id": "1078553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25016", "reference_id": "ZBX-25016", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-04T04:55:28Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25016" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-22116" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wczj-cv1m-7qce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96181?format=api", "vulnerability_id": "VCID-zc7p-7yts-5yae", "summary": "The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2673", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26682", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26673", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26826", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26866", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26652", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2672", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2677", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26774", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32287", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32641", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32486", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32371", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.3267", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42333" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689", "reference_id": "1088689", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25629", "reference_id": "ZBX-25629", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:54:27Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25629" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-42333" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zc7p-7yts-5yae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95947?format=api", "vulnerability_id": "VCID-zrfp-skzu-cbet", "summary": "When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22117", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1763", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17788", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17698", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17675", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1797", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18024", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17723", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17811", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17871", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17887", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17844", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17795", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1774", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1775", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22117" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22117", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22117" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25610", "reference_id": "ZBX-25610", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T15:03:28Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25610" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-22117" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrfp-skzu-cbet" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96119?format=api", "vulnerability_id": "VCID-172p-q6d5-9ya3", "summary": "Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31394", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31826", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31791", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31823", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31803", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31773", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31606", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31478", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31861", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31865", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35753", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35726", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35633", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35679", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36469" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-26255", "reference_id": "ZBX-26255", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T15:00:32Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-26255" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-36469" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-172p-q6d5-9ya3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95100?format=api", "vulnerability_id": "VCID-18fv-tqjq-p3ce", "summary": "An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24349", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43854", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43878", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43902", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43832", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43883", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43886", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43904", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43871", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00849", "scoring_system": "epss", "scoring_elements": "0.74948", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00849", "scoring_system": "epss", "scoring_elements": "0.74904", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00849", "scoring_system": "epss", "scoring_elements": "0.74911", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00849", "scoring_system": "epss", "scoring_elements": "0.74902", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00849", "scoring_system": "epss", "scoring_elements": "0.74938", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00849", "scoring_system": "epss", "scoring_elements": "0.74945", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24349" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" } ], "aliases": [ "CVE-2022-24349" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18fv-tqjq-p3ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95948?format=api", "vulnerability_id": "VCID-1xr6-n296-cyfd", "summary": "The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22119", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.6214", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62143", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62149", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62133", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62131", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62147", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62042", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62074", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62043", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62093", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.6211", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.6213", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.6212", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62099", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22119" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22119", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22119" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00020.html", "reference_id": "msg00020.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T14:54:06Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00020.html" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-24070", "reference_id": "ZBX-24070", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T14:54:06Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-24070" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-22119" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xr6-n296-cyfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95076?format=api", "vulnerability_id": "VCID-2hd4-rbph-5qd8", "summary": "An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23133", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.76617", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.76477", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.76506", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.76489", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.76521", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.76532", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.76558", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.76537", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.76573", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.76577", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.76565", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.76598", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.76603", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23133", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23133" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" } ], "aliases": [ "CVE-2022-23133" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2hd4-rbph-5qd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96211?format=api", "vulnerability_id": "VCID-3g1d-2tvh-akh4", "summary": "Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading to a service crash.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45700", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41583", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41734", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.4166", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41661", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41788", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41817", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41746", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41796", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41805", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41829", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41783", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41832", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41806", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45700" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45700", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45700" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-26253", "reference_id": "ZBX-26253", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T16:27:38Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-26253" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-45700" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3g1d-2tvh-akh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95949?format=api", "vulnerability_id": "VCID-3qru-uxsd-e3c8", "summary": "Zabbix allows to configure SMS notifications. AT command injection occurs on \"Zabbix Server\" because there is no validation of \"Number\" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.6317", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63136", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63158", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63172", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.6307", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.631", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63064", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63116", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63133", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.6315", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63135", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63113", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63148", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63155", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22122" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22122" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553", "reference_id": "1078553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25012", "reference_id": "ZBX-25012", "reference_type": "", "scores": [ { "value": "3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:46:40Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25012" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-22122" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qru-uxsd-e3c8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95538?format=api", "vulnerability_id": "VCID-464s-8ex9-kqdz", "summary": "A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32721", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72306", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72324", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72301", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.7234", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72352", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72375", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72358", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72346", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72387", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72397", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72384", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72427", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72436", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72432", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32721" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053877", "reference_id": "1053877", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053877" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-32721" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-464s-8ex9-kqdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95945?format=api", "vulnerability_id": "VCID-4s92-5es4-yka5", "summary": "User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22114", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38687", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39004", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38797", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38774", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.391", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39122", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.3904", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39096", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39112", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39124", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39087", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39067", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39092", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22114" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22114", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22114" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553", "reference_id": "1078553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25015", "reference_id": "ZBX-25015", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T12:39:48Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25015" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-22114" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4s92-5es4-yka5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95543?format=api", "vulnerability_id": "VCID-4uxg-fxv7-rua8", "summary": "An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32727", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64394", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64302", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64369", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.6436", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64381", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64331", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64287", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64335", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.6435", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64363", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64351", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64322", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64358", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32727" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-23857", "reference_id": "ZBX-23857", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T20:37:31Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-23857" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-32727" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4uxg-fxv7-rua8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95539?format=api", "vulnerability_id": "VCID-547a-p94b-6fep", "summary": "The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32722", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57968", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57972", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58005", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57969", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57985", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.5799", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57966", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58022", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58024", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58041", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58019", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57999", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58029", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58028", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32722" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053877", "reference_id": "1053877", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053877" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-23390", "reference_id": "ZBX-23390", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T15:26:49Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-23390" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-32722" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-547a-p94b-6fep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95496?format=api", "vulnerability_id": "VCID-5s7j-6aea-qucr", "summary": "Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29454", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70673", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70654", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74251", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74217", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74209", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74244", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74253", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74159", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74174", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74195", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74177", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.7417", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74208", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29454" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22985", "reference_id": "ZBX-22985", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T21:06:47Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22985" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29454" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5s7j-6aea-qucr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95497?format=api", "vulnerability_id": "VCID-673b-qsd3-e3hz", "summary": "Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29455", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00917", "scoring_system": "epss", "scoring_elements": "0.75899", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00917", "scoring_system": "epss", "scoring_elements": "0.75866", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79136", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79082", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79081", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79114", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79121", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79028", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79052", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79059", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79083", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79068", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79058", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79085", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29455" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29455", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29455" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22986", "reference_id": "ZBX-22986", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T21:06:45Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22986" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29455" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-673b-qsd3-e3hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96579?format=api", "vulnerability_id": "VCID-69kr-fmzb-nbdr", "summary": "Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27234", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25637", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25868", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2693", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26983", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27028", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26987", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27031", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2694", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.2776", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30644", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30353", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30271", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30678", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30467", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27234" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-26985", "reference_id": "ZBX-26985", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-12T15:16:38Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-26985" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" } ], "aliases": [ "CVE-2025-27234" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-69kr-fmzb-nbdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95493?format=api", "vulnerability_id": "VCID-6u3x-x7qt-g3fa", "summary": "JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29449", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73212", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73191", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75096", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75049", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75087", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75092", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.7498", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75014", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75026", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75047", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75015", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75051", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75059", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29449" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22589", "reference_id": "ZBX-22589", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T16:25:49Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22589" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29449" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6u3x-x7qt-g3fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96118?format=api", "vulnerability_id": "VCID-7bzf-3c9x-8qc4", "summary": "An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47359", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47425", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47366", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47339", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.4736", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47308", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47363", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47384", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55627", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55708", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55633", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.5565", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55729", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36467" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689", "reference_id": "1088689", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25614", "reference_id": "ZBX-25614", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-04T04:55:25Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-36467" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7bzf-3c9x-8qc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96179?format=api", "vulnerability_id": "VCID-7f3g-hebk-3qad", "summary": "In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd->browser heap pointer is freed by garbage collection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42331", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13557", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13676", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13685", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13655", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13822", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13878", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13679", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13762", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13812", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13781", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13744", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13694", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13605", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13602", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42331" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689", "reference_id": "1088689", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25627", "reference_id": "ZBX-25627", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:55:25Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25627" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-42331" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7f3g-hebk-3qad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96116?format=api", "vulnerability_id": "VCID-7yp1-231f-a3eq", "summary": "The implementation of atob in \"Zabbix JS\" allows to create a string with arbitrary content and use it to access internal properties of objects.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59351", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59373", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59354", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59332", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59297", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59321", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59286", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59336", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59349", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59368", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59352", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59334", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59367", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36463" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36463", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36463" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25611", "reference_id": "ZBX-25611", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T16:21:34Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25611" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-36463" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7yp1-231f-a3eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95199?format=api", "vulnerability_id": "VCID-8cpy-mqfn-y3f9", "summary": "An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75349", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75221", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75251", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75229", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75271", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75282", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75302", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.7528", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75269", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75308", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75315", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75306", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75342", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75346", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35230" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35230" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014994", "reference_id": "1014994", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014994" }, { "reference_url": "https://usn.ubuntu.com/6751-1/", "reference_id": "USN-6751-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6751-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" } ], "aliases": [ "CVE-2022-35230" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8cpy-mqfn-y3f9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95198?format=api", "vulnerability_id": "VCID-9aju-xvg1-n7e5", "summary": "An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74277", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74152", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74179", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74151", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74184", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74199", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.7422", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74203", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74196", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74233", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74243", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74234", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74269", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74278", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35229" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35229", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35229" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014992", "reference_id": "1014992", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014992" }, { "reference_url": "https://usn.ubuntu.com/6751-1/", "reference_id": "USN-6751-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6751-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" } ], "aliases": [ "CVE-2022-35229" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9aju-xvg1-n7e5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95541?format=api", "vulnerability_id": "VCID-9z8h-gg7t-b7f8", "summary": "Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72557", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72559", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72428", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72446", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72422", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72461", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72474", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72496", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72478", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72469", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.7251", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72519", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72509", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72552", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32724", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32724" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053877", "reference_id": "1053877", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053877" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-23391", "reference_id": "ZBX-23391", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:43:17Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-23391" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-32724" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9z8h-gg7t-b7f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96178?format=api", "vulnerability_id": "VCID-aetr-jrab-6fg5", "summary": "The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38183", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38205", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38159", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38249", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38272", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38141", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38191", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38199", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38218", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45716", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45838", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45764", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45775", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45892", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42330" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689", "reference_id": "1088689", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25626", "reference_id": "ZBX-25626", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:12:32Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25626" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-42330" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aetr-jrab-6fg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96117?format=api", "vulnerability_id": "VCID-b8tm-2187-wkhz", "summary": "When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15318", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15167", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15252", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15385", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15455", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15258", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15346", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15396", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15356", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20515", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20663", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2055", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20547", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20672", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36464" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36464", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36464" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090030", "reference_id": "1090030", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090030" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25630", "reference_id": "ZBX-25630", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:27:15Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25630" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-36464" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8tm-2187-wkhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95950?format=api", "vulnerability_id": "VCID-batr-txtv-s3cf", "summary": "Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22123", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60847", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60826", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60852", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60757", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60786", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60751", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60799", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60815", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60836", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60823", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60804", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61534", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61539", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22123" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22123", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22123" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553", "reference_id": "1078553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25013", "reference_id": "ZBX-25013", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:40:56Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25013" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-22123" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-batr-txtv-s3cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95500?format=api", "vulnerability_id": "VCID-cuqx-wxkd-nffa", "summary": "Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28309", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.3183", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32038", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.3191", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32206", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32254", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32284", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32285", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32247", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32249", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32229", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32199", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29458", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29458" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22989", "reference_id": "ZBX-22989", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T16:19:37Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22989" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29458" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cuqx-wxkd-nffa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95542?format=api", "vulnerability_id": "VCID-d7uk-h423-77f5", "summary": "The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32726", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32596", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33077", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33109", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.3294", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32985", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33016", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33019", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32981", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32956", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32998", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32976", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32939", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32792", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32679", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32726" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32726", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32726" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-32726" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7uk-h423-77f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95499?format=api", "vulnerability_id": "VCID-ftt2-5jnt-9ye2", "summary": "Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29457", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58661", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.5864", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65616", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65594", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65607", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65591", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65606", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65617", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65516", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65569", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65581", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.656", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65586", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65558", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29457" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29457", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29457" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22988", "reference_id": "ZBX-22988", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T21:06:43Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22988" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29457" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftt2-5jnt-9ye2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95075?format=api", "vulnerability_id": "VCID-gbn9-b2t2-5fbs", "summary": "During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23132", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33859", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34448", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34477", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34343", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34386", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34415", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34418", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34379", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34355", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34389", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34375", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34335", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33962", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33943", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23132" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23132", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23132" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" } ], "aliases": [ "CVE-2022-23132" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gbn9-b2t2-5fbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96114?format=api", "vulnerability_id": "VCID-gp3f-yz9h-eqax", "summary": "The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36460", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63508", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.6348", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63499", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63513", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63426", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63453", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63418", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.6347", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63487", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63504", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63488", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63454", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63495", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36460" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36460" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553", "reference_id": "1078553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25017", "reference_id": "ZBX-25017", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-09T15:04:09Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25017" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-36460" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gp3f-yz9h-eqax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95498?format=api", "vulnerability_id": "VCID-kx3g-p2zj-duaj", "summary": "URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29456", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00122", "scoring_system": "epss", "scoring_elements": "0.31519", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00122", "scoring_system": "epss", "scoring_elements": "0.31478", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35643", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36041", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35989", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35762", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3573", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36006", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36056", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36074", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36081", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36042", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36016", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36055", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29456" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22987", "reference_id": "ZBX-22987", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T16:19:48Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22987" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29456" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kx3g-p2zj-duaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95102?format=api", "vulnerability_id": "VCID-mggj-rvdd-eqc6", "summary": "An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24917", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53445", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53387", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53413", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53382", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53434", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53429", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53478", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53462", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75477", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75438", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75444", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75433", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75468", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75472", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24917" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" } ], "aliases": [ "CVE-2022-24917" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mggj-rvdd-eqc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96210?format=api", "vulnerability_id": "VCID-mhx5-hcg2-wfc4", "summary": "The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43417", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43566", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43496", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.435", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43591", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43618", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43554", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43605", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.4361", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43629", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43597", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43581", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43642", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43631", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45699" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-26254", "reference_id": "ZBX-26254", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T16:28:20Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-26254" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-45699" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhx5-hcg2-wfc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96115?format=api", "vulnerability_id": "VCID-nrkb-pzcu-8ueg", "summary": "Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72667", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.7262", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72662", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72671", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72536", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72553", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.7253", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72568", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.7258", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72604", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72587", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72576", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72618", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72629", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36461" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36461", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36461" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553", "reference_id": "1078553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25018", "reference_id": "ZBX-25018", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T15:21:52Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25018" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-36461" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrkb-pzcu-8ueg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96177?format=api", "vulnerability_id": "VCID-psak-h1x6-1kca", "summary": "Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27921", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28309", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28251", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28263", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28245", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28198", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28111", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27999", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28348", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28352", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31776", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31731", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31594", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31647", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42325" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-26258", "reference_id": "ZBX-26258", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T14:48:54Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-26258" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-42325" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-psak-h1x6-1kca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95104?format=api", "vulnerability_id": "VCID-qhxc-w75p-kqaj", "summary": "An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53445", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53387", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53413", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53382", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53434", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53429", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53478", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53462", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75477", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75438", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75444", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75433", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75468", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75472", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24919" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" } ], "aliases": [ "CVE-2022-24919" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qhxc-w75p-kqaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95494?format=api", "vulnerability_id": "VCID-r65p-6wkq-sfb9", "summary": "JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user \"zabbix\") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48684", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48662", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52339", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52389", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52428", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52434", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52366", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52376", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52321", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52374", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52369", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52419", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52403", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22588", "reference_id": "ZBX-22588", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-06T14:20:54Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22588" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29450" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r65p-6wkq-sfb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95103?format=api", "vulnerability_id": "VCID-uu3f-3rbn-9fad", "summary": "An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24918", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0097", "scoring_system": "epss", "scoring_elements": "0.76701", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0097", "scoring_system": "epss", "scoring_elements": "0.76569", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0097", "scoring_system": "epss", "scoring_elements": "0.76598", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0097", "scoring_system": "epss", "scoring_elements": "0.76578", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0097", "scoring_system": "epss", "scoring_elements": "0.7661", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0097", "scoring_system": "epss", "scoring_elements": "0.76621", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0097", "scoring_system": "epss", "scoring_elements": "0.76647", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0097", "scoring_system": "epss", "scoring_elements": "0.76627", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0097", "scoring_system": "epss", "scoring_elements": "0.76617", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0097", "scoring_system": "epss", "scoring_elements": "0.76659", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0097", "scoring_system": "epss", "scoring_elements": "0.76663", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0097", "scoring_system": "epss", "scoring_elements": "0.76651", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0097", "scoring_system": "epss", "scoring_elements": "0.76682", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0097", "scoring_system": "epss", "scoring_elements": "0.76689", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24918" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" } ], "aliases": [ "CVE-2022-24918" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uu3f-3rbn-9fad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96180?format=api", "vulnerability_id": "VCID-uxdf-6tyd-rucd", "summary": "The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42332", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62269", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62249", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62259", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62276", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.6216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62191", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62158", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62208", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62226", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62244", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62234", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62212", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62258", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62265", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42332" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689", "reference_id": "1088689", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25628", "reference_id": "ZBX-25628", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:54:59Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25628" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-42332" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uxdf-6tyd-rucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95946?format=api", "vulnerability_id": "VCID-wczj-cv1m-7qce", "summary": "An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65908", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65889", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65899", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.6591", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65815", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65845", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65811", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65863", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65875", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65894", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65881", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65851", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65886", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65901", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22116" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553", "reference_id": "1078553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078553" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25016", "reference_id": "ZBX-25016", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-04T04:55:28Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25016" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-22116" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wczj-cv1m-7qce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95292?format=api", "vulnerability_id": "VCID-wfae-uyd7-ybc3", "summary": "Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31727", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31813", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31684", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.3172", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.3176", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31757", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31857", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31676", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39369", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39757", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39728", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39644", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39465", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39451", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43515" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026847", "reference_id": "1026847", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026847" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-22050", "reference_id": "ZBX-22050", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T17:57:56Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-22050" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" } ], "aliases": [ "CVE-2022-43515" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfae-uyd7-ybc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96181?format=api", "vulnerability_id": "VCID-zc7p-7yts-5yae", "summary": "The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2673", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26682", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26673", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26826", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26866", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26652", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2672", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2677", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26774", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32287", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32641", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32486", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32371", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.3267", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42333" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689", "reference_id": "1088689", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25629", "reference_id": "ZBX-25629", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:54:27Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25629" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-42333" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zc7p-7yts-5yae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95947?format=api", "vulnerability_id": "VCID-zrfp-skzu-cbet", "summary": "When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22117", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1763", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17788", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17698", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17675", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1797", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18024", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17723", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17811", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17871", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17887", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17844", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17795", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1774", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1775", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22117" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22117", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22117" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.zabbix.com/browse/ZBX-25610", "reference_id": "ZBX-25610", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T15:03:28Z/" } ], "url": "https://support.zabbix.com/browse/ZBX-25610" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994478?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-172p-q6d5-9ya3" }, { "vulnerability": "VCID-1xr6-n296-cyfd" }, { "vulnerability": "VCID-3g1d-2tvh-akh4" }, { "vulnerability": "VCID-3qru-uxsd-e3c8" }, { "vulnerability": "VCID-464s-8ex9-kqdz" }, { "vulnerability": "VCID-4s92-5es4-yka5" }, { "vulnerability": "VCID-4uxg-fxv7-rua8" }, { "vulnerability": "VCID-547a-p94b-6fep" }, { "vulnerability": "VCID-5nmy-hdh8-xbg1" }, { "vulnerability": "VCID-5s7j-6aea-qucr" }, { "vulnerability": "VCID-5t3e-bfve-d3he" }, { "vulnerability": "VCID-673b-qsd3-e3hz" }, { "vulnerability": "VCID-6u3x-x7qt-g3fa" }, { "vulnerability": "VCID-76qf-8jm4-8kct" }, { "vulnerability": "VCID-7bzf-3c9x-8qc4" }, { "vulnerability": "VCID-7f3g-hebk-3qad" }, { "vulnerability": "VCID-7yp1-231f-a3eq" }, { "vulnerability": "VCID-9jfn-6nvg-a3b6" }, { "vulnerability": "VCID-9z8h-gg7t-b7f8" }, { "vulnerability": "VCID-aetr-jrab-6fg5" }, { "vulnerability": "VCID-b8tm-2187-wkhz" }, { "vulnerability": "VCID-batr-txtv-s3cf" }, { "vulnerability": "VCID-cdyd-79m9-pyhv" }, { "vulnerability": "VCID-cuqx-wxkd-nffa" }, { "vulnerability": "VCID-d7uk-h423-77f5" }, { "vulnerability": "VCID-dej6-dxbp-a3bt" }, { "vulnerability": "VCID-ftt2-5jnt-9ye2" }, { "vulnerability": "VCID-fxqr-51kp-3ber" }, { "vulnerability": "VCID-gp3f-yz9h-eqax" }, { "vulnerability": "VCID-gyqk-zsww-ykdj" }, { "vulnerability": "VCID-kx3g-p2zj-duaj" }, { "vulnerability": "VCID-mhx5-hcg2-wfc4" }, { "vulnerability": "VCID-n5md-76wa-dbaa" }, { "vulnerability": "VCID-nrkb-pzcu-8ueg" }, { "vulnerability": "VCID-nyhx-57xy-wugc" }, { "vulnerability": "VCID-psak-h1x6-1kca" }, { "vulnerability": "VCID-qzp5-px2f-vqc8" }, { "vulnerability": "VCID-qzzk-mcfu-sfhv" }, { "vulnerability": "VCID-r65p-6wkq-sfb9" }, { "vulnerability": "VCID-r8yr-aet5-yydn" }, { "vulnerability": "VCID-ry8x-mjbp-qqct" }, { "vulnerability": "VCID-s1mb-1gsj-pbed" }, { "vulnerability": "VCID-sudd-unuw-wqa9" }, { "vulnerability": "VCID-uh37-bv9z-1bdz" }, { "vulnerability": "VCID-uxdf-6tyd-rucd" }, { "vulnerability": "VCID-vkfp-asar-7bhw" }, { "vulnerability": "VCID-wczj-cv1m-7qce" }, { "vulnerability": "VCID-zc7p-7yts-5yae" }, { "vulnerability": "VCID-zrfp-skzu-cbet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994479?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-22117" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrfp-skzu-cbet" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }