Lucene search
K

272 matches found

Vulnrichment
Vulnrichment
added 2025/12/18 1:16 p.m.3 views

CVE-2025-40892 Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

8.9CVSS4.9AI score0.0021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 1:14 p.m.3 views

CVE-2025-40891 HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...

4.7CVSS6.1AI score0.00143EPSS
Exploits0References1
NOZOMI
NOZOMI
added 2025/12/18 12:0 a.m.5 views

Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0

Summary A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. Impact An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in...

8.1CVSS6.8AI score0.00338EPSS
Exploits0Affected Software2
NOZOMI
NOZOMI
added 2025/12/18 12:0 a.m.7 views

HTML injection in Asset List in Guardian/CMC before 25.5.0

Summary A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. Impact An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affecte...

6.1CVSS6AI score0.0016EPSS
Exploits0Affected Software2
Cvelist
Cvelist
added 2025/11/25 3:30 p.m.12 views

CVE-2025-40890 Stored Cross-Site Scripting (XSS) in Dashboards in Guardian/CMC before 25.4.0

A Stored Cross-Site Scripting vulnerability was discovered in the Dashboards functionality due to improper validation of an input parameter. An authenticated low-privilege user can craft a malicious dashboard containing a JavaScript payload and share it with victim users, or a victim can be...

7.9CVSS0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.7 views

Nozomi Networks CMC和Nozomi Networks Guardian 跨站脚本漏洞

Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, Inc. of the U.S. Nozomi Networks CMC is a network management platform.Nozomi Networks Guardian is a protection software. A cross-site scripting vulnerability exists in Nozomi Networks CMC and Nozomi Networks...

7.9CVSS5.9AI score0.00165EPSS
Exploits0References1
NOZOMI
NOZOMI
added 2025/11/25 12:0 a.m.10 views

Stored Cross-Site Scripting (XSS) in Dashboards in Guardian/CMC before 25.4.0

Summary A Stored Cross-Site Scripting vulnerability was discovered in the Dashboards functionality due to improper validation of an input parameter. Impact An authenticated low-privilege user can craft a malicious dashboard containing a JavaScript payload and share it with victim users, or a vict...

7.9CVSS5.2AI score0.00165EPSS
Exploits0Affected Software2
Vulnrichment
Vulnrichment
added 2025/10/07 12:37 p.m.5 views

CVE-2025-40889 Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0

A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files in the /data folder...

8.1CVSS6.3AI score0.00379EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/07 12:37 p.m.15 views

CVE-2025-40887 Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data...

6CVSS0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/07 12:36 p.m.4 views

CVE-2025-40886 Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized data, altering...

7.7CVSS7.7AI score0.00248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/07 12:35 p.m.2 views

CVE-2025-40885 Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0

A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized da...

6CVSS7.7AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/07 12:35 p.m.6 views

CVE-2025-40885 Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0

A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized da...

6CVSS0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/07 12:34 p.m.7 views

CVE-2025-3719 Incorrect authorization for CLI in Guardian/CMC before 25.2.0

An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/o...

8.1CVSS0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/07 12:33 p.m.8 views

CVE-2025-3718 Client-side path traversal in Guardian/CMC before 25.2.0

A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scriptin...

7.9CVSS0.0021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/07 12:33 p.m.2 views

CVE-2025-3718 Client-side path traversal in Guardian/CMC before 25.2.0

A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scriptin...

7.9CVSS5.4AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-27406

Malware in sbrugna...

9CVSS7AI score0.04693EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-9014

Malware in sbrugna...

6.1CVSS6.3AI score0.00846EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-27407

Malware in sbrugna...

5.4CVSS5.6AI score0.00624EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-12570

Malware in sbrugna...

4CVSS3.8AI score0.00978EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-17743

Malware in sbrugna...

7.5CVSS7.6AI score0.00431EPSS
Exploits0References2
Rows per page
Query Builder