509 matches found
Wazuh - Unsafe Deserialization Remote Code Execution
A critical Remote Code Execution RCE vulnerability exists in Wazuh server versions = 4.4.0 and = 4.4.0 and 4.9.1. The vulnerability occurs due to unsafe deserialization in the wazuh-manager package, specifically in the DistributedAPI where parameters are serialized as JSON and deserialized using...
CVE-2022-31129 vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
GHSA-WC69-RHJR-HC9G vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
CVE-2022-24785 vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
GHSA-8HFJ-J24R-96C4 vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
CVE-2026-8643 vulnerabilities
Vulnerabilities for packages: graalvm, wazuh-manager-fips...
GHSA-WF93-45JW-7689 vulnerabilities
Vulnerabilities for packages: graalvm, wazuh-manager-fips...
CVE-2026-8149 vulnerabilities
Vulnerabilities for packages: keycloak-fips, bouncycastle-fips, geoserver, opensearch, wazuh-indexer, guacamole-client...
GHSA-MX76-R943-RF8G vulnerabilities
Vulnerabilities for packages: keycloak-fips, bouncycastle-fips, geoserver, opensearch, wazuh-indexer, guacamole-client...
CVE-2026-56401
Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...
CVE-2026-56401 Wazuh - NULL Pointer Dereference in inventory_sync DataValue FlatBuffer Handling
Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...
EUVD-2026-42261
Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...
CVE-2026-56401
CVE-2026-56401 affects Wazuh wazuh-modulesd (inventory_sync FlatBuffer DataValue handling). The root cause is a null pointer dereference when an attacker omits the optional id field in a verifier-valid DataValue message, causing wazuh-modulesd to crash on dereferencing data->id()->string_vi...
GHSA-H6Q6-9HQW-RWFV vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
CVE-2021-21366 vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
CVE-2022-39353 vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
GHSA-CRH6-FP67-6883 vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
GHSA-5FG8-2547-MR8Q vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
CVE-2021-32796 vulnerabilities
Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...
CVE-2026-56761 vulnerabilities
Vulnerabilities for packages: langfuse, librechat, wazuh-dashboard, kibana, langfuse-fips...