Filtered by vendor Naver
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53600 | 1 Naver | 1 Whale Browser | 2025-07-13 | 7.5 High |
| Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment. | ||||
| CVE-2024-50583 | 1 Naver | 1 Whale Browser Installer | 2025-07-13 | 6.3 Medium |
| Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings. | ||||
| CVE-2025-53599 | 1 Naver | 1 Whale Browser | 2025-07-12 | 9.8 Critical |
| Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme. | ||||
| CVE-2025-49223 | 1 Naver | 1 Billboard.js | 2025-06-06 | 9.8 Critical |
| billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-28216 | 1 Naver | 1 Ngrinder | 2025-05-07 | 5.4 Medium |
| nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery. | ||||
| CVE-2024-28215 | 1 Naver | 1 Ngrinder | 2025-05-07 | 7.5 High |
| nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery. | ||||
| CVE-2024-28214 | 1 Naver | 1 Ngrinder | 2025-05-07 | 2.7 Low |
| nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker. | ||||
| CVE-2024-28213 | 1 Naver | 1 Ngrinder | 2025-05-07 | 9.8 Critical |
| nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization. | ||||
| CVE-2024-28212 | 1 Naver | 1 Ngrinder | 2025-05-07 | 9.8 Critical |
| nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization. | ||||
| CVE-2024-28211 | 1 Naver | 1 Ngrinder | 2025-05-07 | 9.8 Critical |
| nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker. | ||||
| CVE-2016-5060 | 1 Naver | 1 Ngrinder | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save. | ||||
| CVE-2014-6980 | 1 Naver | 1 Line Play | 2025-04-12 | N/A |
| The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2012-5182 | 1 Naver | 1 Loctouch | 2025-04-11 | N/A |
| The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application. | ||||
| CVE-2012-5183 | 1 Naver | 1 Loctouch | 2025-04-11 | N/A |
| The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. | ||||
| CVE-2012-4005 | 1 Naver | 1 Nhn Japan Naver Line | 2025-04-11 | N/A |
| The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application. | ||||
| CVE-2024-40618 | 1 Naver | 1 Whale Browser | 2024-11-21 | 9.6 Critical |
| Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension. | ||||
| CVE-2023-25632 | 1 Naver | 1 Whale Browser | 2024-11-21 | 5.5 Medium |
| The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature. | ||||
| CVE-2022-24077 | 1 Naver | 1 Cloud Explorer | 2024-11-21 | 7.8 High |
| Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. | ||||
| CVE-2021-33592 | 1 Naver | 1 Toolbar | 2024-11-21 | 9.8 Critical |
| NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function. | ||||
| CVE-2021-33591 | 1 Naver | 1 Comic Viewer | 2024-11-21 | 8.8 High |
| An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | ||||