12 matches found

ATTACKERKB
added 2026/04/29 6:1 p.m. | 0 views

CVE-2026-41499

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parseunamestring remotedop.c. This function processes OS identification data from agents and...

CVSS 6.5 | AI score 5.4 | EPSS 0.00054
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2026/03/26 3:4 p.m. | 4 views

CVE-2026-25770

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The wazuh-clusterd service allows authenticated...

CVSS 9.1 | AI score 6 | EPSS 0.00072
Exploits: 1 | References: 1
CVE
added 2026/03/17 6:41 p.m. | 11 views

CVE-2026-25790

CVE-2026-25790 affects Wazuh prior to 4.14.3 (from 3.9.0 up to but excluding 4.14.3). The issue is a stack-based buffer overflow in the Security Configuration Assessment (SCA) decoder used by wazuh-analysisd, caused by unbounded use of sprintf with a floating-point value into a 128-byte stack buf...

CVSS 7.2 | AI score 6.3 | EPSS 0.0018
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2026/03/17 6:8 p.m. | 6 views

CVE-2026-25771

Wazuh vulnerability CVE-2026-25771 affects versions 4.3.0 through prior to 4.14.3. The DoS arises in the API authentication middleware: the async Starlette/Asyncio loop calls a synchronous generate_keypair function that performs blocking disk I/O on every request with a Bearer token, allowing an ...

CVSS 7.5 | AI score 5.9 | EPSS 0.00488
Exploits: 1 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/03/17 6:2 p.m. | 2 views

CVE-2026-25770

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The wazuh-clusterd service allows authenticated...

CVSS 9.1 | AI score 6 | EPSS 0.00072
Exploits: 1 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/03/17 5:41 p.m. | 3 views

CVE-2026-25769

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode (master/worker architecture) and any...

CVSS 9.1 | AI score 6 | EPSS 0.00456
Exploits: 4 | References: 3 | Affected Software: 1
OSV
added 2026/01/14 12:31 p.m. | 0 views

GHSA-4JRW-64VR-7G8M Apache Camel camel-neo4j component is vulnerable to cypher injection

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0. Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0...

CVSS 6.9 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 11
Github Security Blog
added 2026/01/14 12:31 p.m. | 6 views

Apache Camel camel-neo4j component is vulnerable to cypher injection

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0. Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0...

CVSS 5.3 | AI score 7.2 | EPSS 0.00034
Exploits: 0 | References: 11 | Affected Software: 1
Patchstack
added 2024/02/02 12:0 a.m. | 11 views

WordPress ProfilePress Plugin <= 4.14.3 is vulnerable to Cross Site Scripting (XSS)

Software: ProfilePress | Type: Plugin | Vulnerable versions: <= 4.14.3 | Fixed in: 4.14.4 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-1046 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: Claim ownership | PSID: 32548a65a82c | Credits: Ngô Thiên An ancorn...

CVSS 6.4 | AI score 5.7 | EPSS 0.00239
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2021/09/06 12:0 a.m. | 8 views

WordPress Pinterest Automatic Pin plugin <= 4.14.3 - Unauthenticated Arbitrary WordPress Options Change vulnerability

Unauthenticated Arbitrary WordPress Options Change vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Pinterest Automatic Pin plugin (versions <= 4.14.3). Solution: Update the WordPress Pinterest Automatic Pin plugin to the latest available version (at least 4.14.4)...

AI score 3.4
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2018/02/27 8:29 p.m. | 1 views

DEBIAN-CVE-2017-18203

The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allows local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices...

CVSS 4.7 | AI score 7.3 | EPSS 0.00053
Exploits: 0 | References: 1
CNVD
added 2017/12/06 12:0 a.m. | 1 views

Linux kernel memory misreference vulnerability (CNVD-2018-00233)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory misreference vulnerability exists in the dccp_disconnect function in net/dccp/proto.c in 4.14.3 and earlier...

CVSS 7.8 | AI score 7.5 | EPSS 0.00851
Exploits: 5 | References: 1