Approved changes feed: RSS · Atom
cpe:2.3:a:naver:ngrinder:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Naver (2e3d4894-d5bf-53f1-9aff-80b030ad77c4) |
|---|---|
| Product | Ngrinder (9e0a694b-4be5-5998-9fb0-01657411504e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/naver/ngrinder |
purl2cpe | 2026-06-01 10:16:14.671784 |
pkg:sourceforge/ngrinder |
purl2cpe | 2026-06-01 10:16:14.671788 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-28216 |
not_vulnerable | 2026-06-03 14:55:25.323916 |
Details available
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
Published: 2024-03-07T04:50:15.338Z
Updated: 2024-09-06T04:17:45.466Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28216 |
vulnerable | 2026-06-03 14:55:25.323886 |
Details available
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
Published: 2024-03-07T04:50:15.338Z
Updated: 2024-09-06T04:17:45.466Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28215 |
not_vulnerable | 2026-06-03 14:55:25.323596 |
Details available
nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
Published: 2024-03-07T04:50:08.422Z
Updated: 2024-09-06T04:15:12.049Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28215 |
vulnerable | 2026-06-03 14:55:25.323565 |
Details available
nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
Published: 2024-03-07T04:50:08.422Z
Updated: 2024-09-06T04:15:12.049Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28214 |
vulnerable | 2026-06-03 14:55:25.323263 |
Details available
nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.
Published: 2024-03-07T04:49:57.531Z
Updated: 2024-11-08T17:07:55.690Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28214 |
not_vulnerable | 2026-06-03 14:55:25.323108 |
Details available
nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.
Published: 2024-03-07T04:49:57.531Z
Updated: 2024-11-08T17:07:55.690Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28213 |
not_vulnerable | 2026-06-03 14:55:25.322815 |
Details available
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.
Published: 2024-03-07T04:49:47.237Z
Updated: 2024-08-22T20:01:34.318Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28213 |
vulnerable | 2026-06-03 14:55:25.322776 |
Details available
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.
Published: 2024-03-07T04:49:47.237Z
Updated: 2024-08-22T20:01:34.318Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28212 |
not_vulnerable | 2026-06-03 14:55:25.322457 |
Details available
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.
Published: 2024-03-07T04:49:37.921Z
Updated: 2024-08-12T19:41:41.104Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28212 |
vulnerable | 2026-06-03 14:55:25.322420 |
Details available
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.
Published: 2024-03-07T04:49:37.921Z
Updated: 2024-08-12T19:41:41.104Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28211 |
not_vulnerable | 2026-06-03 14:55:25.322035 |
Details available
nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.
Published: 2024-03-07T04:49:21.951Z
Updated: 2024-08-05T20:05:34.960Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28211 |
vulnerable | 2026-06-03 14:55:25.321983 |
Details available
nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.
Published: 2024-03-07T04:49:21.951Z
Updated: 2024-08-05T20:05:34.960Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-5060 |
vulnerable | 2026-06-03 14:35:54.362100 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.
Published: 2016-12-13T22:00:00.000Z
Updated: 2024-08-06T00:46:40.273Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.