Vulnerabilities > Wazuh > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2023-42463 | Stack-based Buffer Overflow vulnerability in Wazuh Wazuh is a free and open source platform used for threat prevention, detection, and response. | 7.8 |
| 2023-10-09 | CVE-2023-42455 | Authorization Bypass Through User-Controlled Key vulnerability in Wazuh Wazuh-Dashboard and Wazuh-Kibana-App Wazuh is a security detection, visibility, and compliance open source project. | 8.8 |
| 2022-09-28 | CVE-2022-40497 | Unspecified vulnerability in Wazuh Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. | 8.8 |
| 2021-03-06 | CVE-2021-26814 | Path Traversal vulnerability in Wazuh Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. | 8.8 |
| 2018-11-29 | CVE-2018-19666 | Path Traversal vulnerability in multiple products The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. | 7.8 |