Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28213 | 1 Naver | 1 Ngrinder | 2025-05-07 | N/A | N/A |
| nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization. | |||||
| CVE-2024-28215 | 1 Naver | 1 Ngrinder | 2025-05-07 | N/A | N/A |
| nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery. | |||||
| CVE-2024-28216 | 1 Naver | 1 Ngrinder | 2025-05-07 | N/A | N/A |
| nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery. | |||||
| CVE-2024-28214 | 1 Naver | 1 Ngrinder | 2025-05-07 | N/A | N/A |
| nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker. | |||||
| CVE-2024-28211 | 1 Naver | 1 Ngrinder | 2025-05-07 | N/A | N/A |
| nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker. | |||||
| CVE-2024-28212 | 1 Naver | 1 Ngrinder | 2025-05-07 | N/A | N/A |
| nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization. | |||||
| CVE-2016-5060 | 1 Naver | 1 Ngrinder | 2016-12-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save. | |||||