Lucene search
K

503 matches found

Nuclei
Nuclei
added 3 days ago151 views

Wazuh - Unsafe Deserialization Remote Code Execution

A critical Remote Code Execution RCE vulnerability exists in Wazuh server versions = 4.4.0 and = 4.4.0 and 4.9.1. The vulnerability occurs due to unsafe deserialization in the wazuh-manager package, specifically in the DistributedAPI where parameters are serialized as JSON and deserialized using...

9.9CVSS7.4AI score0.93027EPSS
Exploits10References3
Chainguard
Chainguard
added 6 days ago6 views

CVE-2026-8149 vulnerabilities

Vulnerabilities for packages: bouncycastle-fips, opensearch, geoserver, wazuh-indexer, guacamole-client, keycloak-fips...

5.1CVSS6.1AI score0.00158EPSS
Exploits0
Chainguard
Chainguard
added 6 days ago6 views

GHSA-MX76-R943-RF8G vulnerabilities

Vulnerabilities for packages: bouncycastle-fips, opensearch, geoserver, wazuh-indexer, guacamole-client, keycloak-fips...

6.1AI score
Exploits0
NVD
NVD
added 6 days ago9 views

CVE-2026-56401

Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...

7.1CVSS0.00325EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-56401 Wazuh - NULL Pointer Dereference in inventory_sync DataValue FlatBuffer Handling

Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...

7.1CVSS0.00325EPSS
Exploits1References3
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42261

Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...

7.1CVSS6AI score0.00325EPSS
Exploits1References3
CVE
CVE
added 6 days ago15 views

CVE-2026-56401

CVE-2026-56401 affects Wazuh wazuh-modulesd (inventory_sync FlatBuffer DataValue handling). The root cause is a null pointer dereference when an attacker omits the optional id field in a verifier-valid DataValue message, causing wazuh-modulesd to crash on dereferencing data->id()->string_vi...

7.1CVSS6AI score0.00325EPSS
Exploits1References3Affected Software1
Chainguard
Chainguard
added 2026/07/06 8:24 p.m.9 views

GHSA-H6Q6-9HQW-RWFV vulnerabilities

Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/06 8:24 p.m.11 views

CVE-2021-21366 vulnerabilities

Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...

4.3CVSS6.4AI score0.01328EPSS
Exploits0
Chainguard
Chainguard
added 2026/07/06 8:24 p.m.9 views

GHSA-5FG8-2547-MR8Q vulnerabilities

Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/06 8:24 p.m.11 views

CVE-2022-39353 vulnerabilities

Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...

9.8CVSS7AI score0.01182EPSS
Exploits1
Chainguard
Chainguard
added 2026/07/06 8:24 p.m.10 views

CVE-2021-32796 vulnerabilities

Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...

6.5CVSS6.6AI score0.01347EPSS
Exploits0
Chainguard
Chainguard
added 2026/07/06 8:24 p.m.11 views

GHSA-CRH6-FP67-6883 vulnerabilities

Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/25 8:37 p.m.6 views

CVE-2026-56761 vulnerabilities

Vulnerabilities for packages: langfuse-fips, librechat, kibana, wazuh-dashboard, langfuse...

5.3CVSS6.1AI score0.00174EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/06/14 4:27 p.m.83 views

lab-purple-team

Lab Purple Team - Active Directory !screenshots/wazuhsecu...

5.4AI score
Exploits0
Chainguard
Chainguard
added 2026/06/13 1:18 a.m.18 views

GHSA-86QP-5C8J-P5MR vulnerabilities

Vulnerabilities for packages: wazuh-manager-fips, tritonserver-backend-vllm-cuda-12.9, wazuh-manager, nemo...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/13 1:18 a.m.13 views

CVE-2026-48710 vulnerabilities

Vulnerabilities for packages: wazuh-manager-fips, tritonserver-backend-vllm-cuda-12.9, wazuh-manager, nemo...

6.5CVSS6.3AI score0.01438EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2026/06/08 12:0 a.m.13 views

Wazuh 4.14.2 Security Scanner

This Python script is a non-exploitative security scanner designed to test basic responsiveness and message handling behavior of a Wazuh cluster communication endpoint...

5.5AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/08 12:0 a.m.61 views

📄 Wazuh Cluster Remote Code Execution / Insecure Deserialization

This is a Metasploit Framework exploit module targeting a critical remote code execution vulnerability in Wazuh cluster mode identified as CVE-2026-25769. The flaw is described as an insecure deserialization issue in the cluster synchronization mechanism, where the master node improperly processe...

9.1CVSS6.6AI score0.09246EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.8 views

CVE-2026-41499

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parseunamestring remotedop.c. This function processes OS identification data from agents and...

6.5CVSS5.4AI score0.00254EPSS
Exploits0References1
Rows per page
Query Builder