Vulnerabilities > Direct Request ('Forced Browsing')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-45195 | Forced Browsing vulnerability in Apache Ofbiz Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. | 7.5 |
| 2024-08-14 | CVE-2024-7753 | Forced Browsing vulnerability in Oretnom23 Clinic'S Patient Management System 1.0 A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. | 7.5 |
| 2024-08-12 | CVE-2024-42001 | Forced Browsing vulnerability in Vonets products An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active session. | 9.8 |
| 2024-08-06 | CVE-2024-33897 | Forced Browsing vulnerability in Hms-Networks Ewon Cosy+ Firmware A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. | 9.1 |
| 2024-07-09 | CVE-2024-39867 | Forced Browsing vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 7.3 |
| 2024-07-09 | CVE-2024-39868 | Forced Browsing vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 7.3 |
| 2024-02-14 | CVE-2023-46186 | Forced Browsing vulnerability in IBM Jazz for Service Management 1.1.3.20 IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. | 7.5 |
| 2024-02-02 | CVE-2023-50935 | Forced Browsing vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. | 6.5 |
| 2024-01-22 | CVE-2024-0204 | Forced Browsing vulnerability in Fortra Goanywhere Managed File Transfer Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. | 9.8 |
| 2023-11-14 | CVE-2023-44320 | Forced Browsing vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). | 4.3 |