Recent vulnerabilities
Recent vulnerabilities from
Select from 70 available sources using the dropdown above.
| ID | Description | Published | Updated |
|---|---|---|---|
| nn-2019:1-01 | Stored XSS in field name data model | 2019-11-11T11:00:00.000Z | 2024-05-20T11:00:00.000Z |
| nn-2019:2-01 | CSV Injection on node label | 2019-11-11T11:00:00.000Z | 2024-05-20T11:00:00.000Z |
| nn-2020:2-01 | Cross-site request forgery attack on change password form | 2020-05-26T11:00:00.000Z | 2024-05-20T11:00:00.000Z |
| nn-2020:3-01 | Angular template injection on custom report name field | 2020-05-26T11:00:00.000Z | 2024-05-20T11:00:00.000Z |
| nn-2021:1-01 | Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4 | 2021-02-22T11:00:00.000Z | 2024-05-20T11:00:00.000Z |
| nn-2021:2-01 | Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4 | 2021-02-22T11:00:00.000Z | 2024-05-20T11:00:00.000Z |
| nn-2022:2-01 | Authenticated RCE on logo report upload in Guardian/CMC before 22.0.0 | 2022-02-14T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2022:2-02 | Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0 | 2022-02-14T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:1-01 | Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2 | 2023-05-03T11:00:00.000Z | 2024-05-20T11:00:00.000Z |
| nn-2023:2-01 | Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:3-01 | Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:4-01 | Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:5-01 | Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2024-05-20T11:00:00.000Z |
| nn-2023:6-01 | Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:7-01 | DoS via SAML configuration in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:8-01 | Session Fixation in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:10-01 | DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 | 2023-09-18T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:11-01 | SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 | 2023-09-18T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:9-01 | Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 | 2023-09-18T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:12-01 | Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 | 2024-01-15T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:17-01 | Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 | 2024-04-10T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2024:1-01 | DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 | 2024-04-10T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:13-01 | Missing authentication for local web interface in Arc before v1.6.0 | 2024-05-15T11:00:00.000Z | 2024-05-20T11:00:00.000Z |
| nn-2023:14-01 | Unsafe temporary data privileges on Unix systems in Arc before v1.6.0 | 2024-05-15T11:00:00.000Z | 2024-05-20T11:00:00.000Z |
| nn-2023:15-01 | Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0 | 2024-05-15T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:16-01 | Path traversal via 'zip slip' in Arc before v1.6.0 | 2024-05-15T11:00:00.000Z | 2024-05-20T11:00:00.000Z |
| nn-2024:2-01 | Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0 | 2024-09-11T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2025:1-01 | Authenticated RCE in update functionality in Guardian/CMC before 24.6.0 | 2025-06-10T11:00:00.000Z | 2025-06-10T11:00:00.000Z |
| nn-2025:2-01 | Privilege escalation in Guardian/CMC before 24.6.0 | 2025-06-10T11:00:00.000Z | 2025-06-10T11:00:00.000Z |
| nn-2025:3-01 | Incorrect authorization for traces request/download in CMC before 25.1.0 | 2025-08-26T11:00:00.000Z | 2025-08-26T11:00:00.000Z |