Nozominetworks

Cmc

41 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2025-40898

  • EPSS 0.34%
  • Veröffentlicht 18.12.2025 13:19:22
  • Zuletzt bearbeitet 14.04.2026 10:16:27

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can pote...

6.1

CVE-2025-40893

  • EPSS 0.16%
  • Veröffentlicht 18.12.2025 13:17:54
  • Zuletzt bearbeitet 14.04.2026 10:16:27

A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes....

8.9

CVE-2025-40892

  • EPSS 0.21%
  • Veröffentlicht 18.12.2025 13:16:25
  • Zuletzt bearbeitet 14.04.2026 10:16:27

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a...

4.7

CVE-2025-40891

  • EPSS 0.14%
  • Veröffentlicht 18.12.2025 13:14:35
  • Zuletzt bearbeitet 14.04.2026 10:16:26

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to ...

7.9

CVE-2025-40890

  • EPSS 0.17%
  • Veröffentlicht 25.11.2025 15:30:34
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A Stored Cross-Site Scripting vulnerability was discovered in the Dashboards functionality due to improper validation of an input parameter. An authenticated low-privilege user can craft a malicious dashboard containing a JavaScript payload and sh...

6.5

CVE-2025-40888

  • EPSS 0.22%
  • Veröffentlicht 07.10.2025 12:38:39
  • Zuletzt bearbeitet 09.10.2025 16:37:58

A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application,...

8.1

CVE-2025-40889

  • EPSS 0.37%
  • Veröffentlicht 07.10.2025 12:37:58
  • Zuletzt bearbeitet 09.10.2025 16:37:35

A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the str...

6.5

CVE-2025-40887

  • EPSS 0.22%
  • Veröffentlicht 07.10.2025 12:37:10
  • Zuletzt bearbeitet 09.10.2025 16:38:07

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web applicatio...

8.8

CVE-2025-40886

  • EPSS 0.24%
  • Veröffentlicht 07.10.2025 12:36:34
  • Zuletzt bearbeitet 09.10.2025 16:38:21

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, pote...

6.5

CVE-2025-40885

  • EPSS 0.22%
  • Veröffentlicht 07.10.2025 12:35:57
  • Zuletzt bearbeitet 09.10.2025 16:38:33

A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web ap...