VYPR

Vendor CVEs

Nozominetworks

All CVEs

42 total · sorted by risk
  • CVE-2025-40892HigDec 18, 2025
    risk 0.58cvss 8.9epss 0.00

    A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially…

  • CVE-2025-40897HigApr 15, 2026
    risk 0.53cvss 8.1epss 0.00

    An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality…

  • CVE-2025-40898HigDec 18, 2025
    risk 0.53cvss 8.1epss 0.00

    A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files…

  • CVE-2025-41278HigMay 29, 2026
    risk 0.51cvss 7.8epss 0.00

    Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host.

  • CVE-2025-3718HigOct 7, 2025
    risk 0.51cvss 7.9epss 0.00

    A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a…

  • CVE-2024-0218HigApr 10, 2024
    risk 0.49cvss 7.5epss 0.01

    A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS…

  • CVE-2024-13089HigJun 10, 2025
    risk 0.47cvss 7.2epss 0.01

    An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian…

  • CVE-2025-40904MedMay 19, 2026
    risk 0.42cvss 6.5epss 0.00

    A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views…

  • CVE-2025-40893MedDec 18, 2025
    risk 0.40cvss 6.1epss 0.00

    A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the…

  • CVE-2025-40903MedMay 19, 2026
    risk 0.38cvss 5.9epss 0.00

    A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim…

  • CVE-2025-40902MedMay 19, 2026
    risk 0.38cvss 5.9epss 0.00

    A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete…

  • CVE-2025-40901MedMay 19, 2026
    risk 0.38cvss 5.9epss 0.00

    A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to…

  • CVE-2025-40891MedDec 18, 2025
    risk 0.31cvss 4.7epss 0.00

    A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset…

  • CVE-2025-40900MedMay 19, 2026
    risk 0.30cvss 4.6epss 0.00

    An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be…

  • CVE-2025-40894MedMar 4, 2026
    risk 0.29cvss 4.4epss 0.00

    A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is…

  • CVE-2025-1501MedAug 26, 2025
    risk 0.28cvss 4.3epss 0.00

    An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can…

  • CVE-2025-40895Mar 4, 2026
    risk 0.00cvss epss 0.00

    A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian's…

  • CVE-2025-40888Oct 7, 2025
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing…

  • CVE-2025-40889Oct 7, 2025
    risk 0.00cvss epss 0.00

    A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files…

  • CVE-2025-40887Oct 7, 2025
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing…

  • CVE-2025-40886Oct 7, 2025
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized…

  • CVE-2025-40885Oct 7, 2025
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially…

  • CVE-2025-3719Oct 7, 2025
    risk 0.00cvss epss 0.00

    An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device…

  • CVE-2024-4465Sep 11, 2024
    risk 0.00cvss epss 0.00

    An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they…

  • CVE-2023-5253Jan 15, 2024
    risk 0.00cvss epss 0.00

    A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the…

  • CVE-2023-32649Sep 19, 2023
    risk 0.00cvss epss 0.01

    A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted…

  • CVE-2023-29245Sep 19, 2023
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web…

  • CVE-2023-2567Sep 19, 2023
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality. Authenticated users may be able to execute arbitrary SQL statements on the DBMS used by the web application.

  • CVE-2023-23903Aug 9, 2023
    risk 0.00cvss epss 0.01

    An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application in rendered unusable until a console…

  • CVE-2023-24015Aug 9, 2023
    risk 0.00cvss epss 0.00

    A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list…

  • CVE-2023-24471Aug 9, 2023
    risk 0.00cvss epss 0.00

    An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining…

  • CVE-2023-22843Aug 9, 2023
    risk 0.00cvss epss 0.00

    An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and can later be executed by another legitimate user viewing the details of such a…

  • CVE-2023-23574Aug 9, 2023
    risk 0.00cvss epss 0.01

    A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able…

  • CVE-2023-22378Aug 9, 2023
    risk 0.00cvss epss 0.01

    A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to…

  • CVE-2023-24477Aug 9, 2023
    risk 0.00cvss epss 0.00

    In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain acces to the original user's session.

  • CVE-2022-4259May 4, 2023
    risk 0.00cvss epss 0.01

    Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.

  • CVE-2020-6220Jun 6, 2022
    risk 0.00cvss epss 0.00

    BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active.

  • CVE-2022-0551Mar 24, 2022
    risk 0.00cvss epss 0.01

    Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi…

  • CVE-2022-0550Mar 24, 2022
    risk 0.00cvss epss 0.01

    Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects:…

  • CVE-2021-26724Feb 22, 2021
    risk 0.00cvss epss 0.03

    OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior…

  • CVE-2021-26725Feb 22, 2021
    risk 0.00cvss epss 0.01

    Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC…

  • CVE-2020-15307Jun 30, 2020
    risk 0.00cvss epss 0.01

    Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name.