|
181
|
4.4 |
MEDIUM
Local
|
-
|
-
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, res…
New
|
CWE-124
CWE-191
Buffer Underflow
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-26204
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
182
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security…
New
|
CWE-307
CWE-362
CWE-367
mproper Restriction of Excessive Authentication Attempts
Race Condition
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-26206
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
183
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in print_hex_string() i…
New
|
CWE-121
CWE-400
Stack-based Buffer Overflow
Uncontrolled Resource Consumption
|
CVE-2026-28221
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
184
|
9.0 |
CRITICAL
Network
|
-
|
-
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchroniz…
New
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-30893
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
185
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exis…
New
|
CWE-124
CWE-191
Buffer Underflow
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-41499
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
186
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send…
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2018-25316
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
187
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient se…
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2018-25317
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
188
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers ca…
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2018-25318
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
189
|
5.5 |
MEDIUM
Local
|
-
|
-
|
ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-5299
|
2026-05-1 00:10 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
190
|
5.5 |
MEDIUM
Local
|
-
|
-
|
AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-5401
|
2026-05-1 00:10 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
