nozomi networks Latest Vulnerabilities

Latest vulnerabilities published by nozomi networks

JSON RSS CSV 🔔 Create Alert Trigger

10 June 2025

Privilege Escalation Vulnerability in Local Service Accounts by Vendor
CVE-2024-13090
Nozomi NetworksGuardian7.3HIGH
OS Command Injection Vulnerability in Nozomi Networks Guardian and CMC
CVE-2024-13089
Nozomi NetworksGuardian7.5HIGH

11 September 2024

Access Control Vulnerability Affects Reporting Configuration in Guardian/CMC
CVE-2024-4465
Nozomi NetworksGuardian5MEDIUM

15 May 2024

Arc Vulnerable to Path Traversal Attacks via 'Zip Slip'
CVE-2023-5938
Nozomi NetworksArc8HIGH
Windows Configuration Files Vulnerable to Information Disclosure
CVE-2023-5937
Nozomi NetworksArc3.8LOW
Arc Temporary File Vulnerability Allows Root Privilege Execution
CVE-2023-5936
Nozomi NetworksArc7.8HIGH
Local Web Interface Vulnerability in Arc Could Lead to Sensitive Information Extraction and Arbitrary Code Execution
CVE-2023-5935
Nozomi NetworksArc7.4HIGH

10 April 2024

Unauthenticated Denial of Service Vulnerability in Nozomi Networks Guardian
CVE-2024-0218
Nozomi NetworksGuardian7.5HIGH
Sensitive Information at Risk of Unauthorized Access in OpenAPI Audit Records
CVE-2023-6916
Nozomi NetworksGuardian7.2HIGH

15 January 2024

Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0
CVE-2023-5253
Nozomi NetworksGuardian6.3MEDIUM

19 September 2023

Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0
CVE-2023-2567
Nozomi NetworksGuardian8.7HIGH
SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0
CVE-2023-29245
Nozomi NetworksGuardian9.2CRITICAL
DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0
CVE-2023-32649
Nozomi NetworksGuardian8.2HIGH

9 August 2023

DoS via SAML configuration in Guardian/CMC before 22.6.2
CVE-2023-23903
Nozomi NetworksGuardian4.9MEDIUM
Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2
CVE-2023-24015
Nozomi NetworksGuardian4.3MEDIUM
Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2
CVE-2023-22378
Nozomi NetworksGuardian6.5MEDIUM
Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2
CVE-2023-22843
Nozomi NetworksGuardian4.8MEDIUM
Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2
CVE-2023-23574
Nozomi NetworksGuardian8.8HIGH
Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2
CVE-2023-24471
Nozomi NetworksGuardian6.5MEDIUM
Session Fixation in Guardian/CMC before 22.6.2
CVE-2023-24477
Nozomi NetworksGuardian7HIGH

4 May 2023

Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2
CVE-2022-4259
Nozomi NetworksCmc8.8HIGH

24 March 2022

Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0
CVE-2022-0551
Nozomi NetworksGuardian7.2HIGH
Authenticated RCE on logo report upload in Guardian/CMC before 22.0.0
CVE-2022-0550
Nozomi NetworksGuardian7.2HIGH

22 February 2021

Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4
CVE-2021-26724
Nozomi NetworksGuardian7.2HIGH
Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4
CVE-2021-26725
Nozomi NetworksGuardian7.2HIGH

nozomi networks Latest Vulnerabilities

Vulnerability Published:

Sort By:

10 June 2025

Privilege Escalation Vulnerability in Local Service Accounts by Vendor

OS Command Injection Vulnerability in Nozomi Networks Guardian and CMC

11 September 2024

Access Control Vulnerability Affects Reporting Configuration in Guardian/CMC

15 May 2024

Arc Vulnerable to Path Traversal Attacks via 'Zip Slip'

Windows Configuration Files Vulnerable to Information Disclosure

Arc Temporary File Vulnerability Allows Root Privilege Execution

Local Web Interface Vulnerability in Arc Could Lead to Sensitive Information Extraction and Arbitrary Code Execution

10 April 2024

Unauthenticated Denial of Service Vulnerability in Nozomi Networks Guardian

Sensitive Information at Risk of Unauthorized Access in OpenAPI Audit Records

15 January 2024

Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0

19 September 2023

Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0

SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0

DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0

9 August 2023

DoS via SAML configuration in Guardian/CMC before 22.6.2

Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2

Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2

Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2

Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2

Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2

Session Fixation in Guardian/CMC before 22.6.2

4 May 2023

Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2

24 March 2022

Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0

Authenticated RCE on logo report upload in Guardian/CMC before 22.0.0

22 February 2021

Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4

Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4