Every CVE whose affected-product data names Nozominetworks Cmc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (33)
CVE-2025-40892 — CVSS 8.9 (high): A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter…
CVE-2023-23574 — CVSS 8.8 (high): A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component…
CVE-2022-4259 — CVSS 8.8 (high): Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an…
CVE-2023-22378 — CVSS 8.8 (high): A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows…
CVE-2023-2567 — CVSS 8.8 (high): A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters…
CVE-2023-29245 — CVSS 8.1 (high): A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset…
CVE-2025-40898 — CVSS 8.1 (high): A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input…
CVE-2025-40889 — CVSS 8.1 (high): A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An…
CVE-2025-3719 — CVSS 8.1 (high): An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced…
CVE-2025-3718 — CVSS 7.9 (high): A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input…
CVE-2023-32649 — CVSS 7.5 (high): A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the…
CVE-2025-40886 — CVSS 7.5 (high): A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated…
CVE-2022-0550 — CVSS 7.2 (high): Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker…
CVE-2022-0551 — CVSS 7.2 (high): Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with…
CVE-2023-24477 — CVSS 7.0 (high): In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always…
CVE-2025-40904 — CVSS 6.5 (medium): A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter…
CVE-2023-24471 — CVSS 6.5 (medium): An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug…
CVE-2023-22843 — CVSS 6.4 (medium): An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the…
CVE-2025-40893 — CVSS 6.1 (medium): A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An…
CVE-2024-4465 — CVSS 6.0 (medium): An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for…
CVE-2025-40901 — CVSS 5.9 (medium): A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input…
CVE-2025-40903 — CVSS 5.9 (medium): A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input…
CVE-2025-40902 — CVSS 5.9 (medium): A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An…
CVE-2025-40888 — CVSS 5.3 (medium): A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated…
CVE-2025-40887 — CVSS 5.3 (medium): A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated…
CVE-2025-40885 — CVSS 5.3 (medium): A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An…
CVE-2023-5253 — CVSS 5.3 (medium): A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may…
CVE-2023-23903 — CVSS 4.9 (medium): An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct…
CVE-2025-40895 — CVSS 4.8 (medium): A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected…
CVE-2025-40891 — CVSS 4.7 (medium): A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network…
CVE-2025-40900 — CVSS 4.6 (medium): An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter…
CVE-2025-40894 — CVSS 4.4 (medium): A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input…
CVE-2023-24015 — CVSS 4.3 (medium): A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be…