Nozominetworks Guardian — known CVE vulnerabilities
Every CVE whose affected-product data names Nozominetworks Guardian, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (36)
CVE-2025-40892 — CVSS 8.9 (high): A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter…
CVE-2023-23574 — CVSS 8.8 (high): A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component…
CVE-2022-4259 — CVSS 8.8 (high): Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an…
CVE-2023-22378 — CVSS 8.8 (high): A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows…
CVE-2023-2567 — CVSS 8.8 (high): A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters…
CVE-2023-29245 — CVSS 8.1 (high): A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset…
CVE-2025-3719 — CVSS 8.1 (high): An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced…
CVE-2025-40889 — CVSS 8.1 (high): A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An…
CVE-2025-40898 — CVSS 8.1 (high): A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input…
CVE-2025-3718 — CVSS 7.9 (high): A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input…
CVE-2025-40886 — CVSS 7.5 (high): A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated…
CVE-2023-32649 — CVSS 7.5 (high): A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the…
CVE-2020-7049 — CVSS 7.3 (high): Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection.
CVE-2021-26725 — CVSS 7.2 (high): Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to…
CVE-2021-26724 — CVSS 7.2 (high): OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows…
CVE-2022-0551 — CVSS 7.2 (high): Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with…
CVE-2022-0550 — CVSS 7.2 (high): Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker…
CVE-2023-24477 — CVSS 7.0 (high): In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always…
CVE-2025-40904 — CVSS 6.5 (medium): A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter…
CVE-2023-24471 — CVSS 6.5 (medium): An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug…
CVE-2023-22843 — CVSS 6.4 (medium): An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the…
CVE-2020-15307 — CVSS 6.1 (medium): Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom…
CVE-2025-40893 — CVSS 6.1 (medium): A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An…
CVE-2024-4465 — CVSS 6.0 (medium): An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for…
CVE-2025-40902 — CVSS 5.9 (medium): A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An…
CVE-2025-40901 — CVSS 5.9 (medium): A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input…
CVE-2025-40903 — CVSS 5.9 (medium): A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input…
CVE-2025-40887 — CVSS 5.3 (medium): A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated…
CVE-2025-40888 — CVSS 5.3 (medium): A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated…
CVE-2023-5253 — CVSS 5.3 (medium): A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may…
CVE-2025-40885 — CVSS 5.3 (medium): A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An…
CVE-2023-23903 — CVSS 4.9 (medium): An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct…
CVE-2025-40891 — CVSS 4.7 (medium): A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network…
CVE-2025-40900 — CVSS 4.6 (medium): An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter…
CVE-2025-40894 — CVSS 4.4 (medium): A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input…
CVE-2023-24015 — CVSS 4.3 (medium): A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be…