Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wazuh — Vulnerabilities & Security Advisories 34

Browse all 34 CVE security advisories affecting wazuh. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by wazuh:wazuhwazuh-managerwazuh-kibana-appWazuh Agentwazuh-dashboard-pluginswazuh-agentWazuh (GitHub Actions)Wazuh Provisioning Scripts (Agent Build Environment)
CVE IDTitleCVSSSeverityPublished
CVE-2025-15612 Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE — Wazuh Provisioning Scripts (Agent Build Environment)CWE-295 4.8 Medium2026-03-27
CVE-2025-15617 Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials — Wazuh (GitHub Actions)CWE-522 6.5 Medium2026-03-27
CVE-2025-15616 Wazuh Agent and Manager OS Command Injection and Untrusted Search Path — wazuh-agentCWE-94 6.7 Medium2026-03-27
CVE-2025-15615 Wazuh Manager authd service Improper SSL/TLS Renegotiation Handling leading to Denial of Service — wazuh-managerCWE-276 6.5 Medium2026-03-27
CVE-2023-7340 Wazuh authd service (os_auth) Heap-based Buffer Overflow — WazuhCWE-125 3.1 Low2026-03-27
CVE-2026-32983 SSL/TLS Renegotiation DoS in Wazuh Manager authd service — wazuh-managerCWE-276 6.5 Medium2026-03-27
CVE-2026-32984 Heap buffer overflow in wazuh-authd — WazuhCWE-125 3.5 Low2026-03-27
CVE-2026-25790 Wazuh has Stack-Based Buffer Overflow in Security Configuration Assessment JSON Parser — wazuhCWE-121 4.9 Medium2026-03-17
CVE-2026-25772 Wazuh Database Synchronization Vulnerable to Stack-based Buffer Overflow via snprintf Integer Underflow — wazuhCWE-121 4.9 Medium2026-03-17
CVE-2026-25771 Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Middleware — wazuhCWE-400 5.3 Medium2026-03-17
CVE-2026-25770 Wazuh has Privilege Escalation to Root via Cluster Protocol File Write — wazuhCWE-22 9.1 Critical2026-03-17
CVE-2026-25769 Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization — wazuhCWE-502 9.1 Critical2026-03-17
CVE-2025-64169 Wazuh NULL pointer dereference in fim_alert line 666 — wazuhCWE-252 7.5 -2025-11-21
CVE-2025-54866 Wazuh installation fails to protected authd.pass on Windows — wazuhCWE-276 7.1 -2025-11-21
CVE-2025-30201 Wazuh NetNTLMv2 Hash Theft In Multiple Centralized Configuration Capabilities — wazuhCWE-73 7.7 High2025-11-21
CVE-2025-64483 Wazuh API – Agent Configuration Has Improper Access Control in Agent Enrollment Endpoint — wazuh-dashboard-pluginsCWE-284 8.8 -2025-11-21
CVE-2025-62792 Wazuh vulnerable to Heap-based Buffer Over-read in w_expression_match — wazuhCWE-126 7.5AIHighAI2025-10-29
CVE-2025-62791 Wazuh vulnerable to NULL pointer dereference in DecodeCiscat — wazuhCWE-252 7.5AIHighAI2025-10-29
CVE-2025-62790 Wazuh vulnerable to NULL pointer dereference in fim_fetch_attributes_state — wazuhCWE-476 7.5AIHighAI2025-10-29
CVE-2025-62789 Wazuh vulnerable to NULL pointer dereference in fim_alert line 712 — wazuhCWE-252 7.5AIHighAI2025-10-29
CVE-2025-62788 Wazuh Vulnerable to Heap Use After Free in w_copy_event_for_log — wazuhCWE-416 9.1AICriticalAI2025-10-29
CVE-2025-62787 Wazuh Vulnerable to Heap-based Buffer Over-read in DecodeWinevt — wazuhCWE-126 7.5AIHighAI2025-10-29
CVE-2025-62786 Wazuh Vulnerable to Heap-based Buffer Out-Of-Bounds WRITE in decode_win_permissions — wazuhCWE-124 9.8AICriticalAI2025-10-29
CVE-2025-62785 Wazuh fillData NULL pointer dereference causes analysisd crash — wazuhCWE-252 7.5AIHighAI2025-10-29
CVE-2025-59938 Heap buffer overflow in wazuh-analysisd — wazuhCWE-122 6.5 Medium2025-09-27
CVE-2024-1243 Remote code execution and local privilege escalation in Wazuh Windows agent via NetNTLMv2 hash theft — Wazuh AgentCWE-73 9.8AICriticalAI2025-06-11
CVE-2025-24016 Remote code execution in Wazuh server — wazuhCWE-502 9.9 Critical2025-02-10
CVE-2024-35177 Improper Access Control in wazuh-agent — wazuhCWE-284 7.8 High2025-02-03
CVE-2024-47770 Ability to view Agent list with no privilege access in wazuh-dashboard — wazuhCWE-269 4.6 Medium2025-02-03
CVE-2024-32038 Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability — wazuhCWE-122 9.8 Critical2024-04-19

This page lists every published CVE security advisory associated with wazuh. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.