Skip to main content

Whale

11 CVEs product

Monthly

CVE-2025-53600 HIGH This Week

Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.

Authentication Bypass Whale
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-53599 CRITICAL Act Now

Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.

XSS Apple Whale iOS
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2022-24075 MEDIUM This Month

Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Whale
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-24074 CRITICAL Act Now

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-24073 HIGH This Week

The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2022-24072 MEDIUM This Month

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Whale
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-33593 MEDIUM This Month

Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Whale
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2018-12449 HIGH This Week

The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-12448 MEDIUM This Month

Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-7635 MEDIUM This Month

Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-9859 HIGH This Week

The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Whale
NVD
CVSS 3.0
8.1
EPSS
0.9%
EPSS 0% CVSS 7.5
HIGH This Week

Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.

Authentication Bypass Whale
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.

XSS Apple Whale +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Whale
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
EPSS 1% CVSS 7.1
HIGH This Week

The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Whale
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Whale
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
EPSS 1% CVSS 8.1
HIGH This Week

The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Whale
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy