Vulnerabilities
Recent vulnerabilities
Recent vulnerabilities from
π GNA-1 (CIRCL)
Select from 78 available sources using the dropdown above.
| ID | Description | Published | Updated |
|---|---|---|---|
| nn-2026:9-01 | Open Redirect in SAML Single Sign-On in Guardian/CMC before 26.2.0 | 2026-07-07T11:00:00.000Z | 2026-07-07T11:00:00.000Z |
| nn-2026:8-01 | HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0 | 2026-07-07T11:00:00.000Z | 2026-07-07T11:00:00.000Z |
| nn-2026:13-01 | Incorrect privilege assignment for Arc sensors in Guardian/CMC before 26.2.0 | 2026-07-07T11:00:00.000Z | 2026-07-07T11:00:00.000Z |
| nn-2026:12-01 | Disabled and non-configurable TLS certificate validation in n2os-tui when connecting the Remote Collector to a Guardian or CMC, in Remote Collector before v26.2.0 | 2026-07-07T11:00:00.000Z | 2026-07-07T11:00:00.000Z |
| nn-2026:11-01 | DoS through oversized audit log entries in Guardian/CMC before 26.2.0 | 2026-07-07T11:00:00.000Z | 2026-07-07T11:00:00.000Z |
| nn-2026:10-01 | Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0 | 2026-07-07T11:00:00.000Z | 2026-07-07T11:00:00.000Z |
| nn-2026:7-01 | HTML injection in Smart Polling in Guardian/CMC before 26.1.0 | 2026-05-19T11:00:00.000Z | 2026-05-19T11:00:00.000Z |
| nn-2026:6-01 | HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0 | 2026-05-19T11:00:00.000Z | 2026-05-19T11:00:00.000Z |
| nn-2026:5-01 | HTML injection in Users in Guardian/CMC before 26.1.0 | 2026-05-19T11:00:00.000Z | 2026-05-19T11:00:00.000Z |
| nn-2026:4-01 | HTML injection in Credentials Manager in Guardian/CMC before 26.1.0 | 2026-05-19T11:00:00.000Z | 2026-05-19T11:00:00.000Z |
| nn-2026:3-01 | Angular template injection in Reports in Guardian/CMC before 26.1.0 | 2026-05-19T11:00:00.000Z | 2026-05-19T11:00:00.000Z |
| nn-2026:2-01 | Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0 | 2026-04-15T11:00:00.000Z | 2026-04-15T11:00:00.000Z |
| nn-2026:1-01 | Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0 | 2026-04-15T11:00:00.000Z | 2026-04-15T11:00:00.000Z |
| nn-2025:18-01 | Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0 | 2026-03-04T11:00:00.000Z | 2026-03-04T11:00:00.000Z |
| nn-2025:17-01 | HTML injection in Sensor Map in CMC before 25.6.0 | 2026-03-04T11:00:00.000Z | 2026-03-04T11:00:00.000Z |
| nn-2025:16-01 | HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0 | 2026-03-04T11:00:00.000Z | 2026-03-04T11:00:00.000Z |
| nn-2025:15-01 | Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:14-01 | HTML injection in Asset List in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:13-01 | Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:12-01 | HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:11-01 | Stored Cross-Site Scripting (XSS) in Dashboards in Guardian/CMC before 25.4.0 | 2025-11-25T11:00:00.000Z | 2025-11-26T11:00:00.000Z |
| nn-2025:9-01 | Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:8-01 | Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:7-01 | Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:6-01 | Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:5-01 | Incorrect authorization for CLI in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:4-01 | Client-side path traversal in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:10-01 | Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:3-01 | Incorrect authorization for traces request/download in CMC before 25.1.0 | 2025-08-26T11:00:00.000Z | 2025-08-26T11:00:00.000Z |
| nn-2025:2-01 | Privilege escalation in Guardian/CMC before 24.6.0 | 2025-06-10T11:00:00.000Z | 2025-06-10T11:00:00.000Z |