8 matches found
CVE-2025-40893
The CVE-2025-40893 issue affects Nozomi Networks Guardian/CMC Asset List functionality where improper validation of network traffic data allows stored HTML injection (XSS) via specially crafted packets. Unauthenticated attackers can insert HTML into asset attributes, which then renders in a victi...
HTML injection in Asset List in Guardian/CMC before 25.5.0
Summary: A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. Impact: An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affecte...
Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0
Summary: A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. Impact: An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in...
Authentication Bypass Using an Alternate Path or Channel
Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to a race condition in handleasyncdeletion, invoked during the authorization flow. An attacker who can convince a user to authorize an app can maintain unauthorized access to...
CVE-2025-53099
Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain persistence to a...
PT-2025-27554 · Sentry · Sentry
Name of the Vulnerable Software and Affected Versions: Sentry versions prior to 25.5.0. Description: The issue allows an attacker with a malicious OAuth application registered with Sentry to take advantage of a race condition and improper handling of authorization code within Sentry, maintaining...
CVE-2025-47931
CVE-2025-47931 affects LibreNMS (PHP/MySQL/SNMP) and is a Stored XSS in the group name parameter of the poller/groups form. Affected versions: LibreNMS v25.4.0 and prior; exploitation involves injecting scripts that are later rendered in pages viewed by other users. The issue has a ...
PT-2025-21798 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 25.5.0. Description: The issue is a Stored Cross-Site Scripting (XSS) vulnerability that affects the group name parameter of the "http://localhost/poller/groups" form. This allows attackers to inject malicious scripts...