VYPR

Vendor CVEs

Naver

All CVEs

35 total · sorted by risk
  • CVE-2020-9752CriMar 23, 2020
    risk 0.64cvss 9.8epss 0.01

    Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.

  • CVE-2024-40618CriJul 11, 2024
    risk 0.62cvss 9.6epss 0.00

    Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.

  • CVE-2020-9753CriMay 20, 2020
    risk 0.59cvss 9.1epss 0.01

    Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.

  • CVE-2020-9751CriMar 3, 2020
    risk 0.59cvss 9.1epss 0.00

    Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.

  • CVE-2021-33591HigMay 28, 2021
    risk 0.57cvss 8.8epss 0.02

    An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2018-9859HigJun 16, 2018
    risk 0.53cvss 8.1epss 0.01

    The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.

  • CVE-2026-8148HigMay 8, 2026
    risk 0.51cvss 7.8epss 0.00

    NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.

  • CVE-2022-24077HigJun 13, 2022
    risk 0.51cvss 7.8epss 0.00

    Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection.

  • CVE-2018-12449HigOct 11, 2018
    risk 0.51cvss 7.8epss 0.01

    The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.

  • CVE-2019-13157HigNov 22, 2019
    risk 0.49cvss 7.5epss 0.02

    nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.

  • CVE-2019-13156HigSep 3, 2019
    risk 0.49cvss 7.5epss 0.01

    NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.

  • CVE-2022-24073HigMar 17, 2022
    risk 0.46cvss 7.1epss 0.01

    The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.

  • CVE-2022-24075MedMar 17, 2022
    risk 0.42cvss 6.5epss 0.01

    Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.

  • CVE-2024-50583MedOct 25, 2024
    risk 0.41cvss 6.3epss 0.00

    Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings.

  • CVE-2016-5060MedDec 13, 2016
    risk 0.40cvss 6.1epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.

  • CVE-2020-9754MedJun 27, 2022
    risk 0.35cvss 5.3epss 0.01

    NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.

  • CVE-2021-33593MedNov 2, 2021
    risk 0.35cvss 5.3epss 0.01

    Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing.

  • CVE-2018-12448MedAug 2, 2018
    risk 0.35cvss 5.3epss 0.01

    Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.

  • CVE-2018-7635MedJul 3, 2018
    risk 0.35cvss 5.3epss 0.01

    Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name.

  • CVE-2022-24071MedJan 28, 2022
    risk 0.28cvss 4.3epss 0.01

    A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs.

  • CVE-2024-28212Mar 7, 2024
    risk 0.01cvss epss 0.01

    nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.

  • CVE-2026-1513Jan 28, 2026
    risk 0.00cvss epss 0.00

    billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.

  • CVE-2025-14023Dec 15, 2025
    risk 0.00cvss epss 0.00

    LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions.

  • CVE-2025-58323Aug 29, 2025
    risk 0.00cvss epss 0.00

    NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks.

  • CVE-2025-58322Aug 28, 2025
    risk 0.00cvss epss 0.00

    NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks.

  • CVE-2025-49223Jun 4, 2025
    risk 0.00cvss epss 0.01

    billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

  • CVE-2024-28216Mar 7, 2024
    risk 0.00cvss epss 0.00

    nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

  • CVE-2024-28215Mar 7, 2024
    risk 0.00cvss epss 0.01

    nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

  • CVE-2024-28214Mar 7, 2024
    risk 0.00cvss epss 0.01

    nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.

  • CVE-2024-28213Mar 7, 2024
    risk 0.00cvss epss 0.01

    nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.

  • CVE-2024-28211Mar 7, 2024
    risk 0.00cvss epss 0.01

    nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.

  • CVE-2014-6980Oct 16, 2014
    risk 0.00cvss epss 0.00

    The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2012-5183Dec 26, 2012
    risk 0.00cvss epss 0.01

    The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.

  • CVE-2012-5182Dec 26, 2012
    risk 0.00cvss epss 0.01

    The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application.

  • CVE-2012-4005Aug 7, 2012
    risk 0.00cvss epss 0.01

    The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application.