CVE-2025-62791 Wazuh vulnerable to NULL pointer dereference in DecodeCiscat

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, DecodeCiscat implementation does not check the return the value of cJSONGetObjectItem for a possible NULL value in case of an error. A compromised agent can cause a crash of analysisd by...

CVE-2025-62785

Wazuh CVE-2025-62785 describes a NULL dereference in fillData() where value is not checked before os_strdup(), allowing a crafted agent message to crash analysisd and take it offline. Affected software is Wazuh (analysisd component) with vulnerability in the message handling path. The issue is fi...

EUVD-2025-31396

Malicious code in bioql PyPI...

CVE-2025-59938

Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions starting from 3.8.0 to before 4.11.0, wazuh-analysisd is vulnerable to a heap buffer overflow when parsing XML elements from Windows EventChannel messages. This issue has been patched in...

CVE-2025-59938

Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions starting from 3.8.0 to before 4.11.0, wazuh-analysisd is vulnerable to a heap buffer overflow when parsing XML elements from Windows EventChannel messages. This issue has been patched in...

Wazuh 安全漏洞

Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions 3.8.0 through 4.7.2 that stems from a buffer overflow in...