CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

58 matches found

RedhatCVE•added 2026/03/26 3:13 p.m.•0 views

CVE-2026-25790

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment SCA decoder wazuh-analysisd. The use of sprintf with a...

7.2CVSS6.3AI score0.0018EPSS

Exploits1References1

NVD•added 2026/03/17 7:16 p.m.•1 views

CVE-2026-25790

7.2CVSS0.0018EPSS

Exploits1References1

RedhatCVE•added 2025/11/26 4:56 p.m.•2 views

CVE-2025-64169

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 3.7.0 to before 4.12.0, fimalert implementation does not check whether oldsum-md5 is NULL or not before dereferencing it. A compromised agent can cause a crash of analysisd by sending a...

5.1CVSS6.8AI score0.00085EPSS

Exploits1References1

NVD•added 2025/11/21 7:16 p.m.•2 views

CVE-2025-64169

5.1CVSS0.00085EPSS

Exploits1References1

EUVD•added 2025/11/21 6:39 p.m.•1 views

EUVD-2025-198506

5.1CVSS6.3AI score0.00085EPSS

Exploits1References1

OSV•added 2025/11/21 6:39 p.m.•1 views

CVE-2025-64169 Wazuh NULL pointer dereference in fim_alert line 666

5.1CVSS6.7AI score0.00085EPSS

Exploits1References3

CVE•added 2025/11/21 6:39 p.m.•13 views

CVE-2025-64169

CVE-2025-64169 — Wazuh NULL pointer dereference in fim_alert : The issue affects Wazuh 3.7.0 up to, but not including, 4.12.0, where fim_alert() may dereference oldsum->md5 without NULL-check, potentially causing analysisd to crash when a compromised agent sends a crafted message. The vulnerab...

5.1CVSS6.5AI score0.00085EPSS

Exploits1References1Affected Software1

Cvelist•added 2025/11/21 6:39 p.m.•5 views

CVE-2025-64169 Wazuh NULL pointer dereference in fim_alert line 666

5.1CVSS0.00085EPSS

Exploits1References1

Positive Technologies•added 2025/11/21 12:0 a.m.•1 views

PT-2025-47795

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 3.7.0 to before 4.12.0, fim alert implementation does not check whether oldsum-md5 is NULL or not before dereferencing it. A compromised agent can cause a crash of analysisd by sending a...

5.1CVSS6.8AI score0.00085EPSS

Exploits1References2

RedhatCVE•added 2025/10/30 5:9 p.m.•1 views

CVE-2025-62790

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fimfetchattributesstate implementation does not check whether timestring is NULL or not before calling strlen on it. A compromised agent can cause a crash of analysisd by sending a...

7.5CVSS6.7AI score0.00105EPSS

Exploits1References1

RedhatCVE•added 2025/10/30 5:9 p.m.•1 views

CVE-2025-62789

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fimalert implementation does not check whether the return value of ctimer is NULL or not before calling strdup on it. A compromised agent can cause a crash of analysisd by sending a...

7.5CVSS6.7AI score0.00105EPSS

Exploits1References1

RedhatCVE•added 2025/10/30 5:9 p.m.•1 views

CVE-2025-62791

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, DecodeCiscat implementation does not check the return the value of cJSONGetObjectItem for a possible NULL value in case of an error. A compromised agent can cause a crash of analysisd by...

7.5CVSS6.7AI score0.00075EPSS

Exploits0References1

RedhatCVE•added 2025/10/30 4:18 p.m.•2 views

CVE-2025-62785

Wazuh is a free and open source platform used for threat prevention, detection, and response. fillData implementation does not check whether value is NULL or not before calling osstrdup on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh...

7.5CVSS6.7AI score0.00105EPSS

Exploits1References1

NVD•added 2025/10/29 5:15 p.m.•1 views

CVE-2025-62791

7.5CVSS0.00075EPSS

Exploits0References1

NVD•added 2025/10/29 5:15 p.m.•1 views

CVE-2025-62790

7.5CVSS0.00105EPSS

Exploits1References1

NVD•added 2025/10/29 5:15 p.m.•1 views

CVE-2025-62789

7.5CVSS0.00105EPSS

Exploits1References1

EUVD•added 2025/10/29 4:48 p.m.•1 views

EUVD-2025-36675

6.9CVSS6.2AI score0.00075EPSS

Exploits0References1

Cvelist•added 2025/10/29 4:48 p.m.•6 views

CVE-2025-62791 Wazuh vulnerable to NULL pointer dereference in DecodeCiscat

6.9CVSS0.00075EPSS

Exploits0References1

OSV•added 2025/10/29 4:48 p.m.•1 views

CVE-2025-62791 Wazuh vulnerable to NULL pointer dereference in DecodeCiscat

6.9CVSS6.7AI score0.00075EPSS

Exploits0References3

CVE•added 2025/10/29 4:48 p.m.•7 views

CVE-2025-62791

CVE-2025-62791 (Wazuh) : Prior to 4.11.0, DecodeCiscat() does not check the return value of cJSON_GetObjectItem(), allowing a NULL dereference when handling errors. A crafted agent message to the Wazuh manager can cause analysisd to crash and become unavailable. The issue is fixed in 4.11.0. Impa...

7.5CVSS6.3AI score0.00075EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by