503 matches found
Wazuh - Unsafe Deserialization Remote Code Execution
A critical Remote Code Execution RCE vulnerability exists in Wazuh server versions = 4.4.0 and = 4.4.0 and 4.9.1. The vulnerability occurs due to unsafe deserialization in the wazuh-manager package, specifically in the DistributedAPI where parameters are serialized as JSON and deserialized using...
CVE-2026-8149 vulnerabilities
Vulnerabilities for packages: bouncycastle-fips, opensearch, geoserver, wazuh-indexer, guacamole-client, keycloak-fips...
GHSA-MX76-R943-RF8G vulnerabilities
Vulnerabilities for packages: bouncycastle-fips, opensearch, geoserver, wazuh-indexer, guacamole-client, keycloak-fips...
CVE-2026-56401
Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...
CVE-2026-56401 Wazuh - NULL Pointer Dereference in inventory_sync DataValue FlatBuffer Handling
Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...
EUVD-2026-42261
Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...
CVE-2026-56401
CVE-2026-56401 affects Wazuh wazuh-modulesd (inventory_sync FlatBuffer DataValue handling). The root cause is a null pointer dereference when an attacker omits the optional id field in a verifier-valid DataValue message, causing wazuh-modulesd to crash on dereferencing data->id()->string_vi...
GHSA-H6Q6-9HQW-RWFV vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
CVE-2021-21366 vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
GHSA-5FG8-2547-MR8Q vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
CVE-2022-39353 vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
CVE-2021-32796 vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
GHSA-CRH6-FP67-6883 vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
CVE-2026-56761 vulnerabilities
Vulnerabilities for packages: langfuse-fips, librechat, kibana, wazuh-dashboard, langfuse...
lab-purple-team
Lab Purple Team - Active Directory !screenshots/wazuhsecu...
GHSA-86QP-5C8J-P5MR vulnerabilities
Vulnerabilities for packages: wazuh-manager-fips, tritonserver-backend-vllm-cuda-12.9, wazuh-manager, nemo...
CVE-2026-48710 vulnerabilities
Vulnerabilities for packages: wazuh-manager-fips, tritonserver-backend-vllm-cuda-12.9, wazuh-manager, nemo...
Wazuh 4.14.2 Security Scanner
This Python script is a non-exploitative security scanner designed to test basic responsiveness and message handling behavior of a Wazuh cluster communication endpoint...
📄 Wazuh Cluster Remote Code Execution / Insecure Deserialization
This is a Metasploit Framework exploit module targeting a critical remote code execution vulnerability in Wazuh cluster mode identified as CVE-2026-25769. The flaw is described as an insecure deserialization issue in the cluster synchronization mechanism, where the master node improperly processe...
CVE-2026-41499
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parseunamestring remotedop.c. This function processes OS identification data from agents and...