Every CVE whose affected-product data names Naver Ngrinder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2024-28213 — CVSS 9.8 (critical): nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute…
CVE-2024-28211 — CVSS 9.8 (critical): nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via…
CVE-2024-28212 — CVSS 9.8 (critical): nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.
CVE-2024-28215 — CVSS 7.5 (high): nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause…
CVE-2016-5060 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML…
CVE-2024-28216 — CVSS 5.4 (medium): nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause…
CVE-2024-28214 — CVSS 2.7 (low): nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.