CVEFinder.io

CVE-2014-6394

âš ī¸ high
🔍 Scan for this CVE
Summary

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.

CVSS Score
7.5
High
EPSS Score
4.3
Exploit Probability
Published Date
2014-10-08
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 68.9% of all 335,187 vulnerabilities in our database.

#104,397
Above average severity
Severity Percentile
Last Modified 2026-06-17
CWE IDs (Weakness Types)

đŸ“Ļ Affected Products 8

🔗 References 15

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-54230 âš ī¸ high 7.0 0.1 A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts wr... 2026-06-13
CVE-2026-54231 đŸ”ļ medium 5.5 0.1 A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script... 2026-06-13
CVE-2026-35093 âš ī¸ high 8.8 0.2 A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or ... 2026-04-01
CVE-2026-35094 â„šī¸ low 3.3 0.0 A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can expl... 2026-04-01
CVE-2026-28889 đŸ”ļ medium 6.2 0.0 A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to... 2026-03-25
CVE-2026-28890 đŸ”ļ medium 5.5 0.0 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able... 2026-03-25
These CVEs affect the same products