Skip to main content
CVE-2014-2217 HIGH POC This Week

Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Telerik Ui For Asp Net Ajax
NVD
CVSS 2.0
7.5
EPSS
1.8%
CVE-2014-1449 MEDIUM POC This Month

The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Maxthon Cloud Browser
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-7300 HIGH PATCH This Week

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Linux Gnome Shell Enterprise Linux Desktop Enterprise Linux Hpc Node +2
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-7193 MEDIUM PATCH This Month

The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Node.js Authentication Bypass Hapi Crumb
NVD GitHub
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-3971 MEDIUM This Month

The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD GitHub
CVSS 2.0
5.0
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy