NAVER Security Vulnerabilities
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request...
6.9AI Score
0.0004EPSS
nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote...
7.9AI Score
0.0004EPSS
nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request...
7AI Score
0.0004EPSS
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe...
8.5AI Score
0.0004EPSS
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects...
8.7AI Score
0.0004EPSS
nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote...
7.3AI Score
0.0004EPSS
The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale'...
5.5CVSS
7.2AI Score
0.0004EPSS
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process...
9.8CVSS
9.2AI Score
0.002EPSS
NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check...
9.8CVSS
9.5AI Score
0.011EPSS
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito...
5.3CVSS
7.3AI Score
0.001EPSS
Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL...
7.8CVSS
8.1AI Score
0.001EPSS
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the...
7.1CVSS
6.8AI Score
0.001EPSS
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the...
6.5CVSS
6.3AI Score
0.002EPSS
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer...
6.1CVSS
6.1AI Score
0.001EPSS
A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal...
4.3CVSS
4.7AI Score
0.001EPSS
Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar...
5.3CVSS
5AI Score
0.001EPSS
An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML...
8.8CVSS
8.6AI Score
0.004EPSS
Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash...
9.1CVSS
7.5AI Score
0.002EPSS
Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named...
9.8CVSS
7.3AI Score
0.002EPSS
Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the...
9.1CVSS
7.7AI Score
0.002EPSS
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz...
7.5CVSS
7.5AI Score
0.002EPSS
NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL...
7.5CVSS
7.4AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.001EPSS
Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain...
5.3CVSS
7AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to...
6.1CVSS
5.9AI Score
0.001EPSS
The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6.6AI Score
0.0005EPSS
The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log...
5.9AI Score
0.001EPSS
The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted...
6AI Score
0.001EPSS
The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted...
6.3AI Score
0.002EPSS