Vulnerabilities > Wazuh > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2023-42463 Unspecified vulnerability in Wazuh
Wazuh is a free and open source platform used for threat prevention, detection, and response.
local
low complexity
wazuh
7.8
2023-10-09 CVE-2023-42455 Authorization Bypass Through User-Controlled Key vulnerability in Wazuh Wazuh-Dashboard and Wazuh-Kibana-App
Wazuh is a security detection, visibility, and compliance open source project.
network
low complexity
wazuh CWE-639
8.8
2022-09-28 CVE-2022-40497 Unspecified vulnerability in Wazuh
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint.
network
low complexity
wazuh
8.8
2021-03-06 CVE-2021-26814 Path Traversal vulnerability in Wazuh
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI.
network
low complexity
wazuh CWE-22
8.8
2018-11-29 CVE-2018-19666 Path Traversal vulnerability in multiple products
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.
local
low complexity
ossec wazuh CWE-22
7.8