Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Guardian — Vulnerabilities & Security Advisories 36

All 36 CVE vulnerabilities found in Guardian, with AI-generated Chinese analysis, references, and POCs.

Vendor: Nozomi Networks

CVE IDTitleCVSSSeverityPublished
CVE-2025-40899 Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0 CWE-79 8.9 High2026-04-15
CVE-2025-40897 Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0 CWE-863 8.1 High2026-04-15
CVE-2026-39911 Hashgraph Guardian 3.5.0 Unsandboxed JavaScript Execution RCE CWE-668 8.8 High2026-04-09
CVE-2025-40894 HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0 CWE-79 4.4 Medium2026-03-04
CVE-2025-40898 Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0 CWE-22 8.1 High2025-12-18
CVE-2025-40893 HTML injection in Asset List in Guardian/CMC before 25.5.0 CWE-79 6.1 Medium2025-12-18
CVE-2025-40892 Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0 CWE-79 8.9 High2025-12-18
CVE-2025-40891 HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0 CWE-79 4.7 Medium2025-12-18
CVE-2025-40890 Stored Cross-Site Scripting (XSS) in Dashboards in Guardian/CMC before 25.4.0 CWE-79 7.9 High2025-11-25
CVE-2025-40888 Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0 CWE-89 5.3 Medium2025-10-07
CVE-2025-40889 Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0 CWE-22 8.1 High2025-10-07
CVE-2025-40887 Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 CWE-89 5.3 Medium2025-10-07
CVE-2025-40886 Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 CWE-89 7.5 High2025-10-07
CVE-2025-40885 Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0 CWE-89 5.3 Medium2025-10-07
CVE-2025-3719 Incorrect authorization for CLI in Guardian/CMC before 25.2.0 CWE-863 8.1 High2025-10-07
CVE-2025-3718 Client-side path traversal in Guardian/CMC before 25.2.0 CWE-22 7.9 High2025-10-07
CVE-2024-13090 Privilege escalation in Guardian/CMC before 24.6.0 CWE-250 7.0 High2025-06-10
CVE-2024-13089 Authenticated RCE in update functionality in Guardian/CMC before 24.6.0 CWE-78 7.2 High2025-06-10
CVE-2024-4465 Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0 CWE-863 6.0 Medium2024-09-11
CVE-2024-0218 DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 CWE-1286 7.5 High2024-04-10
CVE-2023-6916 Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 CWE-201 7.2 High2024-04-10
CVE-2023-5253 Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 CWE-306 5.3 Medium2024-01-15
CVE-2023-32649 DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 CWE-1286 7.5 High2023-09-19
CVE-2023-29245 SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 CWE-89 8.1 High2023-09-19
CVE-2023-2567 Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 CWE-89 8.8 High2023-09-19
CVE-2023-23903 DoS via SAML configuration in Guardian/CMC before 22.6.2 CWE-1286 4.9 Medium2023-08-09
CVE-2023-24015 Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 CWE-1286 4.3 Medium2023-08-09
CVE-2023-24471 Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2 CWE-863 6.5 Medium2023-08-09
CVE-2023-22843 Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2 CWE-79 6.4 Medium2023-08-09
CVE-2023-23574 Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2 CWE-89 8.8 High2023-08-09

All 36 known CVE vulnerabilities affecting Guardian with full Chinese analysis, references, and POCs where available.