Vulnerabilities in NAVER

33 results

CVE-2021-33592—NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in fileEPSS 2.1%CVE-2021-33591—An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HEPSS 1.6%CVE-2024-28213CRITICALnGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbiEPSS 1.2%CVE-2024-28212CRITICALnGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.EPSS 1.0%CVE-2022-24074—Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itEPSS 1.0%CVE-2022-24075—Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP fiEPSS 0.8%CVE-2024-28211CRITICALnGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMIEPSS 0.8%CVE-2025-49223CRITICALbillboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to executeEPSS 0.7%CVE-2021-33593—Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may EPSS 0.7%CVE-2020-9754—NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.EPSS 0.7%CVE-2022-24071—A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controllinEPSS 0.7%CVE-2024-28214LOWnGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.EPSS 0.6%CVE-2022-24072—The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store weEPSS 0.6%CVE-2022-24073—The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users acceEPSS 0.6%CVE-2024-28215HIGHnGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause oEPSS 0.5%CVE-2025-62583CRITICALWhale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.EPSS 0.5%CVE-2025-53599CRITICALWhale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.EPSS 0.4%CVE-2024-40618CRITICALWhale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in EPSS 0.4%CVE-2025-62585HIGHWhale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.EPSS 0.3%CVE-2024-28216MEDIUMnGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause oEPSS 0.3%

← previouspage 1 / 2next →