Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
| | 8 | 15 | 0 | 34.3% | CRITICAL |

Related CVEs

15
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2026-1513 | billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding. | MEDIUM | 6.1 | | 5.3% | Jan 28, 2026 |
| CVE-2026-23769 | lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files. | MEDIUM | 6.1 | | 9.7% | Jan 16, 2026 |
| CVE-2026-23768 | lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension. | MEDIUM | 6.1 | | 12.0% | Jan 16, 2026 |
| CVE-2025-49223 | billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | CRITICAL | 9.8 | | 49.4% | Jun 4, 2025 |
| CVE-2024-28216 | nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery. | MEDIUM | 5.4 | | 25.1% | Mar 7, 2024 |
| CVE-2024-28215 | nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery. | HIGH | 7.5 | | 41.7% | Mar 7, 2024 |
| CVE-2024-28214 | nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker. | LOW | 2.7 | | 44.5% | Mar 7, 2024 |
| CVE-2024-28213 | nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization. | CRITICAL | 9.8 | | 64.3% | Mar 7, 2024 |
| CVE-2024-28212 | nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization. | CRITICAL | 9.8 | | 59.3% | Mar 7, 2024 |
| CVE-2024-28211 | nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker. | CRITICAL | 9.8 | | 51.9% | Mar 7, 2024 |
| CVE-2023-25632 | The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature. | MEDIUM | 5.5 | | 13.9% | Nov 27, 2023 |
| CVE-2022-24077 | Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. | HIGH | 7.8 | | | Jun 13, 2022 |
| CVE-2021-33592 | NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function. | CRITICAL | 9.8 | | | Jul 19, 2021 |
| CVE-2021-33591 | An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | HIGH | 8.8 | | | May 28, 2021 |
| CVE-2020-9753 | Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer. | CRITICAL | 9.1 | | | May 20, 2020 |