Product

nozominetworks guardian

33 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-39911
<= 3.5.0
Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in t
8.8 HIGH
CVE-2025-40894
< 25.6.0
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an
4.4 MEDIUM
CVE-2025-40898
< 25.5.0
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the i
8.1 HIGH
CVE-2025-40893
< 25.5.0
A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic
6.1 MEDIUM
CVE-2025-40892
< 25.5.0
A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input par
8.9 HIGH
CVE-2025-40891
< 25.5.0
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of
4.7 MEDIUM
CVE-2025-40889
< 25.2.0
A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters.
8.1 HIGH
CVE-2025-40888
< 25.3.0
A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authent
5.3 MEDIUM
CVE-2025-40887
< 25.2.0
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authe
5.3 MEDIUM
CVE-2025-40886
< 25.2.0
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authe
7.5 HIGH
CVE-2025-40885
< 25.2.0
A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter.
5.3 MEDIUM
CVE-2025-3719
< 25.2.0
An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly en
8.1 HIGH
CVE-2025-3718
< 25.2.0
A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of a
7.9 HIGH
CVE-2024-4465
< 24.2.0
An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enfo
6.0 MEDIUM
CVE-2023-22836
< 2.278.0
In cases where a multi-tenant stack user is operating Foundry's Linter service, and the user changes a group name from the defau
3.5 LOW
CVE-2023-5253
< 23.3.0
A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and C
5.3 MEDIUM
CVE-2023-32649
>= 22.6.0 and < 22.6.3
A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields us
7.5 HIGH
CVE-2023-2567
< 22.6.3
A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain para
8.8 HIGH
CVE-2023-29245
>= 22.6.0 and < 22.6.3
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the
8.1 HIGH
CVE-2023-24015
< 22.6.2
A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a repo
4.3 MEDIUM
CVE-2023-23903
< 22.6.2
An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the c
4.9 MEDIUM
CVE-2023-24471
< 22.6.2
An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in the
6.5 MEDIUM
CVE-2023-23574
< 22.6.2
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count comp
8.8 HIGH
CVE-2023-22843
< 22.6.2
An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside t
6.4 MEDIUM
CVE-2023-22378
< 22.6.2
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter
8.8 HIGH
CVE-2023-24477
< 22.6.2
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not alw
7.0 HIGH
CVE-2022-4259
< 22.5.2
Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allow
8.8 HIGH
CVE-2022-0551
< 22.0.0
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacke
7.2 HIGH
CVE-2022-0550
< 22.0.0
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated
7.2 HIGH
CVE-2021-26725
>= 19.0.0 and < 19.0.12
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated adminis
7.2 HIGH
CVE-2021-26724
>= 19.0.0 and < 19.0.12
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allow
7.2 HIGH
CVE-2020-7049
< 19.0.4
Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection.
7.3 HIGH
CVE-2020-15307
< 19.0.4
Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a
6.1 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin