NaverCVEs & Vulnerabilities

21 CVEs affecting Naver products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

ngrinder 7cloud explorer 4loctouch 2nhn japan naver line 1toolbar 1vaccine 1whale browser 1billboard.js 1
CVE-2025-49223CRITICAL

billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

4 Jun 2025
9.8
CVSS
CVE-2024-28216MEDIUM

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

7 Mar 2024
5.4
CVSS
CVE-2024-28215HIGH

nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

7 Mar 2024
7.5
CVSS
CVE-2024-28214LOW

nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.

7 Mar 2024
2.7
CVSS
CVE-2024-28213CRITICAL

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.

7 Mar 2024
9.8
CVSS
CVE-2024-28212CRITICAL

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.

7 Mar 2024
9.8
CVSS
CVE-2024-28211CRITICAL

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.

7 Mar 2024
9.8
CVSS
CVE-2023-25632MEDIUM

The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.

27 Nov 2023
5.5
CVSS
CVE-2022-24077HIGH

Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection.

13 Jun 2022
7.8
CVSS
CVE-2021-33592CRITICAL

NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function.

19 Jul 2021
9.8
CVSS
CVE-2021-33591HIGH

An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

28 May 2021
8.8
CVSS
CVE-2020-9753CRITICAL

Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.

20 May 2020
9.1
CVSS
CVE-2020-9752CRITICAL

Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.

23 Mar 2020
9.8
CVSS
CVE-2020-9751CRITICAL

Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.

3 Mar 2020
9.1
CVSS
CVE-2019-13157HIGH

nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.

22 Nov 2019
7.5
CVSS
CVE-2019-13156HIGH

NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.

3 Sep 2019
7.5
CVSS
CVE-2016-5060MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.

14 Dec 2016
6.1
CVSS
CVE-2014-6980MEDIUM

The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

16 Oct 2014
5.4
CVSS
CVE-2012-5183LOW

The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.

26 Dec 2012
2.6
CVSS
CVE-2012-5182MEDIUM

The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application.

26 Dec 2012
4.3
CVSS
CVE-2012-4005MEDIUM

The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application.

7 Aug 2012
5.0
CVSS
← PrevPage 1 / 1Next →