Ngrinder

Vendor: Naver • 7 CVEs

CVEs (7)

Vendor: Naver
Product: Ngrinder
Updated: May 7, 2025
Published: Mar 7, 2024
CVSS: N/A (v4), 5.4 MEDIUM (v3), N/A (v2)
Description: nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

Vendor: Naver
Product: Ngrinder
Updated: May 7, 2025
Published: Mar 7, 2024
CVSS: N/A (v4), 7.5 HIGH (v3), N/A (v2)
Description: nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

Vendor: Naver
Product: Ngrinder
Updated: May 7, 2025
Published: Mar 7, 2024
CVSS: N/A (v4), 2.7 LOW (v3), N/A (v2)
Description: nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.

Vendor: Naver
Product: Ngrinder
Updated: May 7, 2025
Published: Mar 7, 2024
CVSS: N/A (v4), 9.8 CRITICAL (v3), N/A (v2)
Description: nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.

Vendor: Naver
Product: Ngrinder
Updated: May 7, 2025
Published: Mar 7, 2024
CVSS: N/A (v4), 9.8 CRITICAL (v3), N/A (v2)
Description: nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.

Vendor: Naver
Product: Ngrinder
Updated: May 7, 2025
Published: Mar 7, 2024
CVSS: N/A (v4), 9.8 CRITICAL (v3), N/A (v2)
Description: nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.

Vendor: Naver
Product: Ngrinder
Updated: May 6, 2026
Published: Dec 13, 2016
CVSS: N/A (v4), 6.1 MEDIUM (v3), 4.3 MEDIUM (v2)
Description: Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.