CVE-2024-28216
- EPSS 0.26%
- Published 07.03.2024 05:15:55
- Last modified 07.05.2025 15:30:48
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
CVE-2024-28211
- EPSS 2.18%
- Published 07.03.2024 05:15:54
- Last modified 07.05.2025 15:29:35
nGrinder before 3.5.9 allows connection to a malicious JMX/RMI server by default, which could be the cause of a remote attacker executing arbitrary code via the RMI registry.
CVE-2024-28212
- EPSS 7.05%
- Published 07.03.2024 05:15:54
- Last modified 07.05.2025 15:29:59
nGrinder before 3.5.9 uses an old version of SnakeYAML, which could allow a remote attacker to execute arbitrary code via unsafe deserialization.
CVE-2024-28213
- EPSS 7.05%
- Published 07.03.2024 05:15:54
- Last modified 07.05.2025 15:30:21
nGrinder before 3.5.9 accepts serialized Java objects from unauthenticated users, which could allow a remote attacker to execute arbitrary code via unsafe Java object deserialization.
CVE-2024-28214
- EPSS 0.46%
- Published 07.03.2024 05:15:54
- Last modified 07.05.2025 15:30:32
nGrinder before 3.5.9 allows a delay to be set without limitation, which could be the cause of Denial of Service by a remote attacker.
CVE-2024-28215
- EPSS 0.33%
- Published 07.03.2024 05:15:54
- Last modified 07.05.2025 15:30:40
nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
CVE-2016-5060
- EPSS 0.51%
- Published 13.12.2016 22:59:02
- Last modified 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.