Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wazuh wazuh vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-42455
Wazuh is a security detection, visibility, and compliance open source project. In versions 4.4.0 and 4.4.1, it is possible to get the Wazuh API administrator key used by the Dashboard using the browser development tools. This allows a logged user to the dashboard to become admini...
Wazuh Wazuh-dashboard
Wazuh Wazuh-kibana-app
580
VMScore
CVE-2021-26814
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code withi...
Wazuh Wazuh
4 Github repositories
NA
CVE-2023-42463
Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3.
Wazuh Wazuh
NA
CVE-2022-40497
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint.
Wazuh Wazuh
356
VMScore
CVE-2021-41821
Wazuh Manager in Wazuh up to and including 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager.
Wazuh Wazuh
668
VMScore
CVE-2021-44079
In the wazuh-slack active response script in Wazuh 4.2.x prior to 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution.
Wazuh Wazuh
641
VMScore
CVE-2018-19666
The agent in OSSEC up to and including 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.
Ossec Ossec
Wazuh Wazuh
NA
CVE-2023-50260
Wazuh is a free and open source platform used for threat prevention, detection, and response. A wrong validation in the `host_deny` script allows to write any string in the `hosts.deny` file, which can end in an arbitrary command execution on the target system. This vulnerability...
NA
CVE-2024-32038
Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is ...
NA
CVE-2023-49275
Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when `analysisd` receives a syscollec...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started