Naver: Security Vulnerabilities
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-01-28
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-01-16
lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-01-16
billboard.js before 3.15.1 was discovered to contain a prototype pollution vulnerability via the generate function, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties.
CVSS Score
9.8
EPSS Score
0.008
Published
2025-06-04
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to a lack of access control, which could lead to information disclosure and limited Server-Side Request Forgery.
CVSS Score
5.4
EPSS Score
0.003
Published
2024-03-07
nGrinder before 3.5.9 allows connection to a malicious JMX/RMI server by default, which could allow a remote attacker to execute arbitrary code via the RMI registry.
CVSS Score
9.8
EPSS Score
0.022
Published
2024-03-07
nGrinder before 3.5.9 uses an old version of SnakeYAML, which could allow a remote attacker to execute arbitrary code via unsafe deserialization.
CVSS Score
9.8
EPSS Score
0.07
Published
2024-03-07
nGrinder before 3.5.9 accepts serialized Java objects from unauthenticated users, which could allow a remote attacker to execute arbitrary code via unsafe deserialization of Java objects.
CVSS Score
9.8
EPSS Score
0.081
Published
2024-03-07
nGrinder before 3.5.9 allows a delay to be set without limitation, which could allow a remote attacker to cause a Denial of Service.
CVSS Score
2.7
EPSS Score
0.005
Published
2024-03-07
nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to a lack of access control, which could lead to information disclosure and limited Server-Side Request Forgery.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-03-07

