Guardian 安全漏洞

Guardian is a policy-based digital asset management and verification platform developed by Hedera. Versions of Guardian 3.5.0 and earlier contain security vulnerabilities. These vulnerabilities stem from unshaded JavaScript execution within custom logic policy blocks in the worker threads, which...

CVE-2025-40887 Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data...

Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0

Summary Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. Impact Users with admin or import manage...