ByteOS Network

NCSOFT

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-9676

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-4.8||MEDIUM

EPSS-Not Assigned

Published-29 Aug, 2025 | 21:02

Updated-29 Aug, 2025 | 21:15

NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components

A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-NCSOFT

Product-Universe App

CWE ID-CWE-926

Improper Export of Android Application Components

CVE-2019-12805

Assigner-KrCERT/CC

View Details

Assigner-KrCERT/CC

CVSS Score-8.8||HIGH

EPSS-2.41% / 84.49%

7 Day CHG~0.00%

Published-09 Aug, 2019 | 16:11

Updated-16 Sep, 2024 | 19:05

NC Launcher 2 Arbitrary Command Injection Vulnerability

NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This can be leveraged for code execution in the context of the current user.

Vendor-ncsoft NCSOFT

Product-nc_launcher2 NC Launcher2

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')