Nozomi Networks — Vulnerabilities & Security Advisories 43

Browse all 43 CVE security advisories affecting Nozomi Networks. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Nozomi Networks:Guardian Arc CMC

CVE ID	Title	CVSS	Severity	Published
CVE-2025-40899	Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0 — GuardianCWE-79	8.9	High	2026-04-15
CVE-2025-40897	Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0 — GuardianCWE-863	8.1	High	2026-04-15
CVE-2025-40896	Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0 — ArcCWE-295	6.5	Medium	2026-03-04
CVE-2025-40895	HTML injection in Sensor Map in CMC before 25.6.0 — CMCCWE-79	4.8	Medium	2026-03-04
CVE-2025-40894	HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0 — GuardianCWE-79	4.4	Medium	2026-03-04
CVE-2025-40898	Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0 — GuardianCWE-22	8.1	High	2025-12-18
CVE-2025-40893	HTML injection in Asset List in Guardian/CMC before 25.5.0 — GuardianCWE-79	6.1	Medium	2025-12-18
CVE-2025-40892	Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0 — GuardianCWE-79	8.9	High	2025-12-18
CVE-2025-40891	HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0 — GuardianCWE-79	4.7	Medium	2025-12-18
CVE-2025-40890	Stored Cross-Site Scripting (XSS) in Dashboards in Guardian/CMC before 25.4.0 — GuardianCWE-79	7.9	High	2025-11-25
CVE-2025-40888	Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0 — GuardianCWE-89	5.3	Medium	2025-10-07
CVE-2025-40889	Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0 — GuardianCWE-22	8.1	High	2025-10-07
CVE-2025-40887	Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 — GuardianCWE-89	5.3	Medium	2025-10-07
CVE-2025-40886	Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 — GuardianCWE-89	7.5	High	2025-10-07
CVE-2025-40885	Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0 — GuardianCWE-89	5.3	Medium	2025-10-07
CVE-2025-3719	Incorrect authorization for CLI in Guardian/CMC before 25.2.0 — GuardianCWE-863	8.1	High	2025-10-07
CVE-2025-3718	Client-side path traversal in Guardian/CMC before 25.2.0 — GuardianCWE-22	7.9	High	2025-10-07
CVE-2025-1501	Incorrect authorization for traces request/download in CMC before 25.1.0 — CMCCWE-863	4.3	Medium	2025-08-26
CVE-2024-13090	Privilege escalation in Guardian/CMC before 24.6.0 — GuardianCWE-250	7.0	High	2025-06-10
CVE-2024-13089	Authenticated RCE in update functionality in Guardian/CMC before 24.6.0 — GuardianCWE-78	7.2	High	2025-06-10
CVE-2024-4465	Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0 — GuardianCWE-863	6.0	Medium	2024-09-11
CVE-2023-5938	Path traversal via 'zip slip' in Arc before v1.6.0 — ArcCWE-22	8.0	High	2024-05-15
CVE-2023-5937	Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0 — ArcCWE-538	3.8	Low	2024-05-15
CVE-2023-5936	Unsafe temporary data privileges on Unix systems in Arc before v1.6.0 — ArcCWE-732	7.8	High	2024-05-15
CVE-2023-5935	Missing authentication for local web interface in Arc before v1.6.0 — ArcCWE-306	7.4	High	2024-05-15
CVE-2024-0218	DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 — GuardianCWE-1286	7.5	High	2024-04-10
CVE-2023-6916	Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 — GuardianCWE-201	7.2	High	2024-04-10
CVE-2023-5253	Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 — GuardianCWE-306	5.3	Medium	2024-01-15
CVE-2023-32649	DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 — GuardianCWE-1286	7.5	High	2023-09-19
CVE-2023-29245	SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 — GuardianCWE-89	8.1	High	2023-09-19

This page lists every published CVE security advisory associated with Nozomi Networks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Nozomi Networks — Vulnerabilities & Security Advisories 43