PatchSiren

Zabbix CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Zabbix CVE published 2026-03-06

CVE-2026-23925

CVE-2026-23925 is a medium-severity vulnerability in Zabbix that allows an authenticated user with template/host write permissions to create unauthorized hosts, potentially leading to confidentiality loss. The vulnerability has a CVSS score of 5.1 and was published on March 6, 2026.

Known exploited Zabbix CVE published 2022-02-22

CVE-2022-23134

CVE-2022-23134 is a Zabbix Frontend improper access control vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2022-02-22. Because it is on the KEV list, organizations should treat it as a high-priority remediation item and follow vendor update guidance without delay. The supplied sources do not include affected versions or exploit details, so the safest response is to identif [truncated]

Known exploited Zabbix CVE published 2022-02-22

CVE-2022-23131

CVE-2022-23131 is a Zabbix Frontend authentication bypass vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2022-02-22. Because it is on the KEV list, defenders should treat it as an active risk and prioritize vendor-guided remediation promptly.

CRITICAL Zabbix CVE published 2017-02-17

CVE-2016-10134

CVE-2016-10134 is a critical SQL injection vulnerability in Zabbix. According to NVD, the flaw affects Zabbix before 2.2.14 and 3.0 before 3.0.4, and can let a remote attacker execute arbitrary SQL commands through the toggle_ids array parameter in latest.php. The CVSS vector specifies a network attack vector with no privileges or user interaction required, and the score is 9.8 (Critical).

HIGH Zabbix CVE published 2017-01-23

CVE-2016-4338

CVE-2016-4338 is a high-severity injection flaw in the Zabbix agent's MySQL user parameter configuration script. In affected deployments, using userparameter_mysql.conf with a shell other than bash can allow abuse of the mysql.size parameter to execute arbitrary code or SQL commands. The issue is rated 8.1 HIGH in the supplied NVD record, so Zabbix installations that use this script should be prioritized for [truncated]