Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Naver
Angry Yack Logo
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2026-1513 1 Naver 1 Billboard.js 2026-02-02 N/A 6.1 MEDIUM
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.
CVE-2026-23768 1 Naver 1 Lucy-xss-filter 2026-01-23 N/A 6.1 MEDIUM
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension.
CVE-2026-23769 1 Naver 1 Lucy-xss-filter 2026-01-23 N/A 6.1 MEDIUM
lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files.
CVE-2025-49223 1 Naver 1 Billboard.js 2025-06-06 N/A 9.8 CRITICAL
billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
CVE-2024-28216 1 Naver 1 Ngrinder 2025-05-07 N/A 5.4 MEDIUM
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
CVE-2024-28215 1 Naver 1 Ngrinder 2025-05-07 N/A 7.5 HIGH
nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
CVE-2024-28214 1 Naver 1 Ngrinder 2025-05-07 N/A 2.7 LOW
nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.
CVE-2024-28213 1 Naver 1 Ngrinder 2025-05-07 N/A 9.8 CRITICAL
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.
CVE-2024-28212 1 Naver 1 Ngrinder 2025-05-07 N/A 9.8 CRITICAL
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.
CVE-2024-28211 1 Naver 1 Ngrinder 2025-05-07 N/A 9.8 CRITICAL
nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.
CVE-2016-5060 1 Naver 1 Ngrinder 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.
CVE-2014-6980 1 Naver 1 Line Play 2025-04-12 5.4 MEDIUM N/A
The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2012-5183 1 Naver 1 Loctouch 2025-04-11 2.6 LOW N/A
The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.
CVE-2012-5182 1 Naver 1 Loctouch 2025-04-11 4.3 MEDIUM N/A
The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application.
CVE-2012-4005 1 Naver 1 Nhn Japan Naver Line 2025-04-11 5.0 MEDIUM N/A
The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application.
CVE-2023-25632 1 Naver 1 Whale Browser 2024-11-21 N/A 5.5 MEDIUM
The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.
CVE-2022-24077 1 Naver 1 Cloud Explorer 2024-11-21 6.9 MEDIUM 7.8 HIGH
Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection.
CVE-2021-33592 1 Naver 1 Toolbar 2024-11-21 7.5 HIGH 9.8 CRITICAL
NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function.
CVE-2021-33591 1 Naver 1 Comic Viewer 2024-11-21 6.8 MEDIUM 8.8 HIGH
An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2020-9753 1 Naver 1 Whale Browser Installer 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.
CVE-2020-9752 1 Naver 1 Cloud Explorer 2024-11-21 7.5 HIGH 9.8 CRITICAL
Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.
CVE-2020-9751 1 Naver 1 Cloud Explorer 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.
CVE-2019-13157 1 Naver 1 Vaccine 2024-11-21 6.4 MEDIUM 7.5 HIGH
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.
CVE-2019-13156 1 Naver 1 Cloud Explorer 2024-11-21 5.0 MEDIUM 7.5 HIGH
NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.