Skip to main content
CVE-2014-1449 MEDIUM POC This Month

The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Maxthon Cloud Browser
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-7193 MEDIUM PATCH This Month

The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Node.js Authentication Bypass Hapi Crumb
NVD GitHub
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-3971 MEDIUM This Month

The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD GitHub
CVSS 2.0
5.0
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy