{"componentChunkName":"component---src-pages-index-js","path":"/","result":{"data":{"allMarkdownRemark":{"edges":[{"node":{"id":"c9ed36f2-8f5f-50f3-a16e-019fc241615d","frontmatter":{"date":"2026-03-04","issue_date":"2026-03-04","slug":"/NN-2025:18-01","id":"NN-2025:18-01","topic":"Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"ffa0ce29-dfbd-5848-8d46-9b003a70d404","frontmatter":{"date":"2026-03-04","issue_date":"2026-03-04","slug":"/NN-2025:17-01","id":"NN-2025:17-01","topic":"HTML injection in Sensor Map in CMC before 25.6.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"d32dea69-0572-5153-a340-eafe7a84fbca","frontmatter":{"date":"2026-03-04","issue_date":"2026-03-04","slug":"/NN-2025:16-01","id":"NN-2025:16-01","topic":"HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"c2493763-e0fd-514a-98df-e14e2c7a2c3a","frontmatter":{"date":"2025-12-18","issue_date":"2025-12-18","slug":"/NN-2025:15-01","id":"NN-2025:15-01","topic":"Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"01f11d06-ae80-5403-870d-0b27b5dbd41f","frontmatter":{"date":"2025-12-18","issue_date":"2025-12-18","slug":"/NN-2025:14-01","id":"NN-2025:14-01","topic":"HTML injection in Asset List in Guardian/CMC before 25.5.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"c3a7013f-df78-5af2-96c9-b29642fae68b","frontmatter":{"date":"2025-12-18","issue_date":"2025-12-18","slug":"/NN-2025:13-01","id":"NN-2025:13-01","topic":"Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"6451ca9c-e09f-5930-bdc4-f627487eafe1","frontmatter":{"date":"2025-12-18","issue_date":"2025-12-18","slug":"/NN-2025:12-01","id":"NN-2025:12-01","topic":"HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"6b4b6103-260e-5ab1-aff4-90f53516355b","frontmatter":{"date":"2025-11-26","issue_date":"2025-11-25","slug":"/NN-2025:11-01","id":"NN-2025:11-01","topic":"Stored Cross-Site Scripting (XSS) in Dashboards in Guardian/CMC before 25.4.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"3bfdb5d0-d395-5c1c-ac4e-1945ddba5fc2","frontmatter":{"date":"2025-10-07","issue_date":"2025-10-07","slug":"/NN-2025:10-01","id":"NN-2025:10-01","topic":"Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"95e1db4e-2baf-54c1-88f4-c3a76bac6a73","frontmatter":{"date":"2025-10-07","issue_date":"2025-10-07","slug":"/NN-2025:9-01","id":"NN-2025:9-01","topic":"Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"91e002fa-7891-5546-9d12-797b25a63bd6","frontmatter":{"date":"2025-10-07","issue_date":"2025-10-07","slug":"/NN-2025:8-01","id":"NN-2025:8-01","topic":"Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"f55987ca-0843-5a65-adcc-3bc0392f7ce8","frontmatter":{"date":"2025-10-07","issue_date":"2025-10-07","slug":"/NN-2025:7-01","id":"NN-2025:7-01","topic":"Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"a0ff4875-c900-55a7-a101-786e7b887e20","frontmatter":{"date":"2025-10-07","issue_date":"2025-10-07","slug":"/NN-2025:6-01","id":"NN-2025:6-01","topic":"Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"61aa4bdc-01d6-5bdb-b426-46ac658701ab","frontmatter":{"date":"2025-10-07","issue_date":"2025-10-07","slug":"/NN-2025:5-01","id":"NN-2025:5-01","topic":"Incorrect authorization for CLI in Guardian/CMC before 25.2.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"657e1807-0b65-5ae2-a230-4933461cb034","frontmatter":{"date":"2025-10-07","issue_date":"2025-10-07","slug":"/NN-2025:4-01","id":"NN-2025:4-01","topic":"Client-side path traversal in Guardian/CMC before 25.2.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"1dbbec01-df7f-5d8a-b1b5-f32319b88d57","frontmatter":{"date":"2025-08-26","issue_date":"2025-08-26","slug":"/NN-2025:3-01","id":"NN-2025:3-01","topic":"Incorrect authorization for traces request/download in CMC before 25.1.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"5462cf92-7ba1-586d-824c-24c11c2d24ea","frontmatter":{"date":"2025-06-10","issue_date":"2025-06-10","slug":"/NN-2025:2-01","id":"NN-2025:2-01","topic":"Privilege escalation in Guardian/CMC before 24.6.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"c81ede2b-295c-5b1d-bc7c-a4b941e76f79","frontmatter":{"date":"2025-06-10","issue_date":"2025-06-10","slug":"/NN-2025:1-01","id":"NN-2025:1-01","topic":"Authenticated RCE in update functionality in Guardian/CMC before 24.6.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"6a548cd3-e406-5042-83f1-cfa4959680d7","frontmatter":{"date":"2024-09-19","issue_date":"2024-09-11","slug":"/NN-2024:2-01","id":"NN-2024:2-01","topic":"Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"29980288-a060-527f-962f-7a594beee4fb","frontmatter":{"date":"2024-05-20","issue_date":"2024-05-15","slug":"/NN-2023:16-01","id":"NN-2023:16-01","topic":"Path traversal via 'zip slip' in Arc before v1.6.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"124dd8cf-28b6-5be6-ad2f-8e614164dd45","frontmatter":{"date":"2024-09-19","issue_date":"2024-05-15","slug":"/NN-2023:15-01","id":"NN-2023:15-01","topic":"Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"84a351a1-5693-586f-b3ba-fa1751f58c89","frontmatter":{"date":"2024-05-20","issue_date":"2024-05-15","slug":"/NN-2023:14-01","id":"NN-2023:14-01","topic":"Unsafe temporary data privileges on Unix systems in Arc before v1.6.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"77402037-58e9-5ec2-ac10-ab195dcf80fe","frontmatter":{"date":"2024-05-20","issue_date":"2024-05-15","slug":"/NN-2023:13-01","id":"NN-2023:13-01","topic":"Missing authentication for local web interface in Arc before v1.6.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"872d91ad-44b0-5de4-a060-abd20a9c5f61","frontmatter":{"date":"2024-09-19","issue_date":"2024-04-10","slug":"/NN-2024:1-01","id":"NN-2024:1-01","topic":"DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"0e2c898e-78fb-5852-8b83-f8c38e6d33a2","frontmatter":{"date":"2024-09-19","issue_date":"2024-04-10","slug":"/NN-2023:17-01","id":"NN-2023:17-01","topic":"Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"2330b9c9-252b-56d4-9c18-0a2c574a6338","frontmatter":{"date":"2024-09-19","issue_date":"2024-01-15","slug":"/NN-2023:12-01","id":"NN-2023:12-01","topic":"Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"76f25915-7bbc-51c2-9d36-ee8c3c5dffba","frontmatter":{"date":"2024-09-19","issue_date":"2023-09-18","slug":"/NN-2023:11-01","id":"NN-2023:11-01","topic":"SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"082b684b-0ffa-583c-bfd4-4fa4658d5da5","frontmatter":{"date":"2024-09-19","issue_date":"2023-09-18","slug":"/NN-2023:10-01","id":"NN-2023:10-01","topic":"DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"cfa752e1-0603-5072-bd71-25cbbdac9a5b","frontmatter":{"date":"2024-09-19","issue_date":"2023-09-18","slug":"/NN-2023:9-01","id":"NN-2023:9-01","topic":"Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"f386f023-8c45-5182-b3c5-4f61cd1087d6","frontmatter":{"date":"2024-09-19","issue_date":"2023-08-09","slug":"/NN-2023:8-01","id":"NN-2023:8-01","topic":"Session Fixation in Guardian/CMC before 22.6.2","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"57bb3372-efe0-55f6-aa76-6415e1b87921","frontmatter":{"date":"2024-09-19","issue_date":"2023-08-09","slug":"/NN-2023:7-01","id":"NN-2023:7-01","topic":"DoS via SAML configuration in Guardian/CMC before 22.6.2","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"83386a93-c77f-52a7-931b-6890de03a678","frontmatter":{"date":"2024-09-19","issue_date":"2023-08-09","slug":"/NN-2023:6-01","id":"NN-2023:6-01","topic":"Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"3b1eb6e0-62e1-5cc1-89ef-0f405e2ab0e0","frontmatter":{"date":"2024-05-20","issue_date":"2023-08-09","slug":"/NN-2023:5-01","id":"NN-2023:5-01","topic":"Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"33b12c76-34d0-5476-b253-622f8bfafc11","frontmatter":{"date":"2024-09-19","issue_date":"2023-08-09","slug":"/NN-2023:4-01","id":"NN-2023:4-01","topic":"Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"6ae01b70-86e1-55fa-a336-fa68d3ed22f7","frontmatter":{"date":"2024-09-19","issue_date":"2023-08-09","slug":"/NN-2023:3-01","id":"NN-2023:3-01","topic":"Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"d96f1fc1-8c23-5063-af61-55c72d7f3268","frontmatter":{"date":"2024-09-19","issue_date":"2023-08-09","slug":"/NN-2023:2-01","id":"NN-2023:2-01","topic":"Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"1f56c5f6-65d4-5288-8167-3f3b01051cc0","frontmatter":{"date":"2024-05-20","issue_date":"2023-05-03","slug":"/NN-2023:1-01","id":"NN-2023:1-01","topic":"Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"33caf405-3624-5e9f-875c-b6e8d23650eb","frontmatter":{"date":"2024-09-19","issue_date":"2022-02-14","slug":"/NN-2022:2-02","id":"NN-2022:2-02","topic":"Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"2de586fa-4acd-5127-91c7-c8f5dc1eaf7b","frontmatter":{"date":"2024-09-19","issue_date":"2022-02-14","slug":"/NN-2022:2-01","id":"NN-2022:2-01","topic":"Authenticated RCE on logo report upload in Guardian/CMC before 22.0.0","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"6777a0ba-ce4f-5f08-9758-ff802fddd64f","frontmatter":{"date":"2024-05-20","issue_date":"2021-02-04","slug":"/NN-2021:2-01","id":"NN-2021:2-01","topic":"Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"ec709c16-1660-5712-b566-2154986b1489","frontmatter":{"date":"2024-05-20","issue_date":"2021-02-04","slug":"/NN-2021:1-01","id":"NN-2021:1-01","topic":"Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"636bdb04-35c6-51d1-8cac-507a3b94e75b","frontmatter":{"date":"2024-05-20","issue_date":"2020-05-26","slug":"/NN-2020:3-01","id":"NN-2020:3-01","topic":"Angular template injection on custom report name field","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"a063dcbe-5467-59b4-9853-3884d7afc547","frontmatter":{"date":"2024-05-20","issue_date":"2020-05-26","slug":"/NN-2020:2-01","id":"NN-2020:2-01","topic":"Cross-site request forgery attack on change password form","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"0bbac306-385a-530f-b988-2acaff641e2b","frontmatter":{"date":"2024-05-20","issue_date":"2020-02-25","slug":"/NN-2020:1-01","id":"NN-2020:1-01","topic":"NGINX allows HTTP request smuggling","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"b71adb59-c4bb-5cc0-a817-0e772fc82dbc","frontmatter":{"date":"2024-05-20","issue_date":"2019-11-11","slug":"/NN-2019:2-01","id":"NN-2019:2-01","topic":"CSV Injection on node label","is_sa":"Y","is_public":"Y"}}},{"node":{"id":"d6132c80-ae10-5776-9739-ed12c2e2ee7a","frontmatter":{"date":"2024-05-20","issue_date":"2019-11-11","slug":"/NN-2019:1-01","id":"NN-2019:1-01","topic":"Stored XSS in field name data model","is_sa":"Y","is_public":"Y"}}}]}},"pageContext":{}},"staticQueryHashes":["1561529759","2355022246","3649515864","63159454"],"slicesMap":{}}