Vulnerabilities > Direct Request ('Forced Browsing')

DATE	CVE	VULNERABILITY TITLE	RISK
2024-11-10	CVE-2024-11049	Forced Browsing vulnerability in Zkteco Zkbio Time 9.0.1 A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. network high complexity zkteco CWE-425	3.7
2024-09-04	CVE-2024-45195	Forced Browsing vulnerability in Apache Ofbiz Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. network low complexity apache CWE-425	7.5
2024-08-14	CVE-2024-7753	Forced Browsing vulnerability in Oretnom23 Clinic'S Patient Management System 1.0 A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. network low complexity oretnom23 CWE-425	7.5
2024-08-12	CVE-2024-42001	Forced Browsing vulnerability in Vonets products An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active session. network low complexity vonets CWE-425 critical	9.8
2024-08-06	CVE-2024-33897	Forced Browsing vulnerability in Hms-Networks Ewon Cosy+ Firmware A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. network low complexity hms-networks CWE-425 critical	9.1
2024-07-09	CVE-2024-39867	Forced Browsing vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). network low complexity siemens CWE-425	7.3
2024-07-09	CVE-2024-39868	Forced Browsing vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). network low complexity siemens CWE-425	7.3
2024-01-22	CVE-2024-0204	Forced Browsing vulnerability in Fortra Goanywhere Managed File Transfer Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. network low complexity fortra CWE-425 critical	9.8
2023-10-26	CVE-2023-5786	Forced Browsing vulnerability in Geoserver Geowebcache A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. network low complexity geoserver CWE-425	8.8
2023-10-23	CVE-2023-5702	Forced Browsing vulnerability in Viessmann Vitogate 300 Firmware 2.1.3.0 A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. low complexity viessmann CWE-425	6.5