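This page aggregates CVE and security vulnerability information across naver-related products, listing CVSS, EPSS, publication dates, and vulnerability information data.
Past issues mainly concern file inclusion and buffer overflow; some lead to memory corruption and affect scenarios related to production workloads and software deployment.
The listed data is based on public vulnerability information and security advisories, and can be used to assess past exposure and remediation priority.

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |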
|---|---|---|---|---|---|---|
| CVE-2026-1513 | billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding. | [email protected] | 6.1 | 0.06% | 2026-01-28 | 2026-02-02 |
| CVE-2026-23769 | lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files. | [email protected] | 6.1 | 0.03% | 2026-01-16 | 2026-01-23 |
| CVE-2026-23768 | lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension. | [email protected] | 6.1 | 0.02% | 2026-01-16 | 2026-01-23 |
| CVE-2025-49223 | billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | [email protected] | 9.8 | 0.83% | 2025-06-04 | 2025-06-06 |
| CVE-2024-28216 | nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery. | [email protected] | 5.4 | 0.26% | 2024-03-07 | 2025-05-07 |
| CVE-2024-28215 | nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery. | [email protected] | 7.5 | 0.33% | 2024-03-07 | 2025-05-07 |
| CVE-2024-28214 | nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker. | [email protected] | 2.7 | 0.46% | 2024-03-07 | 2025-05-07 |
| CVE-2024-28213 | nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization. | [email protected] | 9.8 | 8.12% | 2024-03-07 | 2025-05-07 |
| CVE-2024-28212 | nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization. | [email protected] | 9.8 | 7.04% | 2024-03-07 | 2025-05-07 |
| CVE-2024-28211 | nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker. | [email protected] | 9.8 | 2.18% | 2024-03-07 | 2025-05-07 |
| CVE-2023-25632 | The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature. | [email protected] | 5.5 | 0.01% | 2023-11-27 | 2024-11-21 |
| CVE-2022-24077 | Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. | [email protected] | 7.8 | 0.04% | 2022-06-13 | 2024-11-21 |
| CVE-2021-33592 | NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function. | [email protected] | 9.8 | 1.04% | 2021-07-19 | 2024-11-21 |
| CVE-2021-33591 | An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | [email protected] | 8.8 | 0.86% | 2021-05-28 | 2024-11-21 |
| CVE-2020-9753 | Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer. | [email protected] | 9.1 | 0.17% | 2020-05-20 | 2024-11-21 |
| CVE-2020-9752 | Naver Cloud Explorer before 2.2.2.11 allows the attacker to move a local file in any path on the filesystem as a system privilege through its named pipe. | [email protected] | 9.8 | 0.50% | 2020-03-23 | 2024-11-21 |
| CVE-2020-9751 | Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade. | [email protected] | 9.1 | 0.15% | 2020-03-03 | 2024-11-21 |
| CVE-2019-13157 | nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within nsz archive. | [email protected] | 7.5 | 0.43% | 2019-11-22 | 2024-11-21 |
| CVE-2019-13156 | NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle. | [email protected] | 7.5 | 0.39% | 2019-09-03 | 2024-11-21 |
| CVE-2016-5060 | Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save. | [email protected] | 6.1 | 0.51% | 2016-12-13 | 2026-05-06 |