Lucene search

31 matches found

Snyk
added 2026/04/08 7:21 p.m. 2 views

Directory Traversal

Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.6 CVSS, 6.3 AI score
Exploits: 0, References: 2
RedhatCVE
added 2025/10/30 5:9 p.m. 1 views

CVE-2025-62789

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_alert implementation does not check whether the return value of ctime_r is NULL or not before calling strdup on it. A compromised agent can cause a crash of analysisd by sending a...

7.5 CVSS, 6.7 AI score, 0.00105 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/10/30 5:9 p.m. 1 views

CVE-2025-62787

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt when child_attr[p]->attributes[j] is accessed, because the corresponding index j is incorrect. A compromised agent can cause a READ operation beyond t...

7.5 CVSS, 6.8 AI score, 0.00063 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/10/30 5:9 p.m. 1 views

CVE-2025-62788

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, w_copy_event_for_log references memory initially allocated in OS_CleanMSG after it has been freed. A compromised agent can potentially compromise the integrity of the application by sending a...

7.5 CVSS, 6.8 AI score, 0.00061 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/10/30 4:18 p.m. 5 views

CVE-2025-62786

Wazuh is a free and open source platform used for threat prevention, detection, and response. A heap-based out-of-bounds WRITE occurs in decode_win_permissions, resulting in writing a NULL byte 2 bytes before the start of the buffer allocated to decoded_it. A compromised agent can potentially levera...

8.1 CVSS, 8.1 AI score, 0.00561 EPSS
Exploits: 1, References: 1
NVD
added 2025/10/29 5:15 p.m. 1 views

CVE-2025-62792

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match when strlen is called on str_test, because the corresponding buffer is not being properly NULL terminated during its allocation in OS_CleanMSG...

7.5 CVSS, 0.00069 EPSS
Exploits: 1, References: 1
NVD
added 2025/10/29 5:15 p.m. 1 views

CVE-2025-62790

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state implementation does not check whether time_string is NULL or not before calling strlen on it. A compromised agent can cause a crash of analysisd by sending a...

7.5 CVSS, 0.00105 EPSS
Exploits: 1, References: 1
NVD
added 2025/10/29 5:15 p.m. 3 views

CVE-2025-62787

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt when child_attr[p]->attributes[j] is accessed, because the corresponding index j is incorrect. A compromised agent can cause a READ operation beyond t...

7.5 CVSS, 0.00063 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/29 4:50 p.m. 1 views

EUVD-2025-36674

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match when strlen is called on str_test, because the corresponding buffer is not being properly NULL terminated during its allocation in OS_CleanMSG...

6.9 CVSS, 6.4 AI score, 0.00069 EPSS
Exploits: 1, References: 1
Cvelist
added 2025/10/29 4:50 p.m. 5 views

CVE-2025-62792 Wazuh vulnerable to Heap-based Buffer Over-read in w_expression_match

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match when strlen is called on str_test, because the corresponding buffer is not being properly NULL terminated during its allocation in OS_CleanMSG...

6.9 CVSS, 0.00069 EPSS
Exploits: 1, References: 1
Cvelist
added 2025/10/29 4:48 p.m. 6 views

CVE-2025-62791 Wazuh vulnerable to NULL pointer dereference in DecodeCiscat

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, DecodeCiscat implementation does not check the return value of cJSON_GetObjectItem for a possible NULL value in case of an error. A compromised agent can cause a crash of analysisd by...

6.9 CVSS, 0.00075 EPSS
Exploits: 0, References: 1
OSV
added 2025/10/29 4:48 p.m. 1 views

CVE-2025-62791 Wazuh vulnerable to NULL pointer dereference in DecodeCiscat

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, DecodeCiscat implementation does not check the return value of cJSON_GetObjectItem for a possible NULL value in case of an error. A compromised agent can cause a crash of analysisd by...

6.9 CVSS, 6.7 AI score, 0.00075 EPSS
Exploits: 0, References: 3
CVE
added 2025/10/29 4:48 p.m. 8 views

CVE-2025-62791

CVE-2025-62791 (Wazuh): Prior to 4.11.0, DecodeCiscat() does not check the return value of cJSON_GetObjectItem(), allowing a NULL dereference when handling errors. A crafted agent message to the Wazuh manager can cause analysisd to crash and become unavailable. The issue is fixed in 4.11.0. Impa...

7.5 CVSS, 6.3 AI score, 0.00075 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2025/10/29 4:46 p.m. 1 views

CVE-2025-62790 Wazuh vulnerable to NULL pointer dereference in fim_fetch_attributes_state

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state implementation does not check whether time_string is NULL or not before calling strlen on it. A compromised agent can cause a crash of analysisd by sending a...

6.9 CVSS, 6.8 AI score, 0.00105 EPSS
Exploits: 1, References: 3
Cvelist
added 2025/10/29 4:46 p.m. 5 views

CVE-2025-62790 Wazuh vulnerable to NULL pointer dereference in fim_fetch_attributes_state

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state implementation does not check whether time_string is NULL or not before calling strlen on it. A compromised agent can cause a crash of analysisd by sending a...

6.9 CVSS, 0.00105 EPSS
Exploits: 1, References: 1
CVE
added 2025/10/29 4:46 p.m. 12 views

CVE-2025-62790

Wazuh before version 4.11.0 is vulnerable to a NULL pointer/NULL string dereference in fim_fetch_attributes_state(), where time_string is not checked for NULL before calling strlen(). A crafted agent message to the Wazuh manager can crash analysisd, causing denial of service and unavailability of...

7.5 CVSS, 6.4 AI score, 0.00105 EPSS
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2025/10/29 4:44 p.m. 1 views

CVE-2025-62789 Wazuh vulnerable to NULL pointer dereference in fim_alert line 712

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_alert implementation does not check whether the return value of ctime_r is NULL or not before calling strdup on it. A compromised agent can cause a crash of analysisd by sending a...

6.9 CVSS, 6.8 AI score, 0.00105 EPSS
Exploits: 1, References: 3
Vulnrichment
added 2025/10/29 4:42 p.m. 3 views

CVE-2025-62788 Wazuh Vulnerable to Heap Use After Free in w_copy_event_for_log

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, w_copy_event_for_log references memory initially allocated in OS_CleanMSG after it has been freed. A compromised agent can potentially compromise the integrity of the application by sending a...

6.3 CVSS, 6.5 AI score, 0.00061 EPSS
Exploits: 1, References: 1
CVE
added 2025/10/29 4:42 p.m. 15 views

CVE-2025-62788

Summary: CVE-2025-62788 affects Wazuh versions prior to 4.11.0. The vulnerability is a heap use-after-free in w_copy_event_for_log() where memory allocated in OS_CleanMSG() is referenced after it has been freed. A compromised or attacker-controlled agent can craft and send a message to the Wazuh ...

7.5 CVSS, 6.5 AI score, 0.00061 EPSS
Exploits: 1, References: 1, Affected Software: 1
EUVD
added 2025/10/29 4:42 p.m. 0 views

EUVD-2025-36678

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, w_copy_event_for_log references memory initially allocated in OS_CleanMSG after it has been freed. A compromised agent can potentially compromise the integrity of the application by sending a...

6.3 CVSS, 6.3 AI score, 0.00061 EPSS
Exploits: 1, References: 1