The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
When exporting media types, the password is exported in the YAML in plain text. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.