Filtered by vendor Naver
Subscriptions
Filtered by product Ngrinder
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28216 | 1 Naver | 1 Ngrinder | 2025-05-07 | 5.4 Medium |
| nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery. | ||||
| CVE-2024-28215 | 1 Naver | 1 Ngrinder | 2025-05-07 | 7.5 High |
| nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery. | ||||
| CVE-2024-28214 | 1 Naver | 1 Ngrinder | 2025-05-07 | 2.7 Low |
| nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker. | ||||
| CVE-2024-28213 | 1 Naver | 1 Ngrinder | 2025-05-07 | 9.8 Critical |
| nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization. | ||||
| CVE-2024-28212 | 1 Naver | 1 Ngrinder | 2025-05-07 | 9.8 Critical |
| nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization. | ||||
| CVE-2024-28211 | 1 Naver | 1 Ngrinder | 2025-05-07 | 9.8 Critical |
| nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker. | ||||
| CVE-2016-5060 | 1 Naver | 1 Ngrinder | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save. | ||||
Page 1 of 1.