VYPR

Guardian

by Nozomi Networks

CVEs (37)

  • CVE-2025-40892 | High | Dec 18, 2025
    risk 0.58 | cvss 8.9 | epss 0.00

    A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially…

  • CVE-2025-40898 | High | Dec 18, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files…

  • CVE-2025-3718 | High | Oct 7, 2025
    risk 0.51 | cvss 7.9 | epss 0.00

    A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a…

  • CVE-2024-0218 | High | Apr 10, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS…

  • CVE-2024-13089 | High | Jun 10, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian…

  • CVE-2025-40904 | Medium | May 19, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views…

  • CVE-2025-40893 | Medium | Dec 18, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the…

  • CVE-2025-40903 | Medium | May 19, 2026
    risk 0.38 | cvss 5.9 | epss 0.00

    A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim…

  • CVE-2025-40902 | Medium | May 19, 2026
    risk 0.38 | cvss 5.9 | epss 0.00

    A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete…

  • CVE-2025-40901 | Medium | May 19, 2026
    risk 0.38 | cvss 5.9 | epss 0.00

    A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to…

  • CVE-2025-40891 | Medium | Dec 18, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset…

  • CVE-2025-40900 | Medium | May 19, 2026
    risk 0.30 | cvss 4.6 | epss 0.00

    An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be…

  • CVE-2025-40894 | Medium | Mar 4, 2026
    risk 0.29 | cvss 4.4 | epss 0.00

    A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is…

  • CVE-2025-40888 | Oct 7, 2025
    risk 0.00 | cvss | epss 0.00

    A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing…

  • CVE-2025-40889 | Oct 7, 2025
    risk 0.00 | cvss | epss 0.00

    A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files…

  • CVE-2025-40887 | Oct 7, 2025
    risk 0.00 | cvss | epss 0.00

    A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing…

  • CVE-2025-40886 | Oct 7, 2025
    risk 0.00 | cvss | epss 0.00

    A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized…

  • CVE-2025-40885 | Oct 7, 2025
    risk 0.00 | cvss | epss 0.00

    A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially…

  • CVE-2025-3719 | Oct 7, 2025
    risk 0.00 | cvss | epss 0.00

    An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device…

  • CVE-2024-4465 | Sep 11, 2024
    risk 0.00 | cvss | epss 0.00

    An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they…

Page 1 of 2