Naver

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-1513 1Naver 1Billboard.js Feb 2, 2026 Jan 28, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.
CVE-2026-23769 1Naver 1Lucy Xss Filter Jan 23, 2026 Jan 16, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files.
CVE-2026-23768 1Naver 1Lucy Xss Filter Jan 23, 2026 Jan 16, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used...Show more lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension.Show less
CVE-2025-49223 1Naver 1Billboard.js Jun 6, 2025 Jun 4, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary prope...Show more billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.Show less
CVE-2024-28216 1Naver 1Ngrinder May 7, 2025 Mar 7, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
CVE-2024-28215 1Naver 1Ngrinder May 7, 2025 Mar 7, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
CVE-2024-28214 1Naver 1Ngrinder May 7, 2025 Mar 7, 2024 N/A· v4 2.7 LOW· v3 N/A· v2 nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.
CVE-2024-28213 1Naver 1Ngrinder May 7, 2025 Mar 7, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.
CVE-2024-28212 1Naver 1Ngrinder May 7, 2025 Mar 7, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.
CVE-2024-28211 1Naver 1Ngrinder May 7, 2025 Mar 7, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.
CVE-2023-25632 1Naver 1Whale Browser Nov 21, 2024 Nov 27, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.
CVE-2022-24077 1Naver 1Cloud Explorer Nov 21, 2024 Jun 13, 2022 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection.
CVE-2021-33592 1Naver 1Toolbar Nov 21, 2024 Jul 19, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function.
CVE-2021-33591 1Naver 1Comic Viewer Nov 21, 2024 May 28, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2020-9753 1Naver 1Whale Browser Installer Nov 21, 2024 May 20, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.
CVE-2020-9752 1Naver 1Cloud Explorer Nov 21, 2024 Mar 23, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.
CVE-2020-9751 1Naver 1Cloud Explorer Nov 21, 2024 Mar 3, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.
CVE-2019-13157 1Naver 1Vaccine Nov 21, 2024 Nov 22, 2019 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.
CVE-2019-13156 1Naver 1Cloud Explorer Nov 21, 2024 Sep 3, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.
CVE-2016-5060 1Naver 1Ngrinder May 6, 2026 Dec 13, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.

12 Next