Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-21 | CVE-2019-16340 | Forced Browsing vulnerability in Linksys products: Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. | 9.8 |
2019-10-28 | CVE-2019-14927 | Forced Browsing vulnerability in multiple products: An issue was discovered on Mitsubishi Electric Europe B.V. | 7.5 |
2019-10-11 | CVE-2019-17503 | Forced Browsing vulnerability in Kirona Dynamic Resource Scheduling 5.5.3.5: An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. | 5.3 |
2019-09-20 | CVE-2019-11326 | Forced Browsing vulnerability in Topcon Net-G5 Firmware 5.2.2: An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. | 8.8 |
2019-09-11 | CVE-2019-1220 | Forced Browsing vulnerability in Microsoft Edge and Internet Explorer: A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'. | 4.3 |
2019-08-14 | CVE-2019-9584 | Forced Browsing vulnerability in Eq-3 Homematic Ccu2 Firmware and Homematic Ccu3 Firmware: eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. | 9.8 |
2019-08-14 | CVE-2019-13030 | Forced Browsing vulnerability in Mediola NEO Server: eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. | 8.2 |
2019-08-06 | CVE-2019-14347 | Forced Browsing vulnerability in Schben Adive: Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. | 8.8 |
2019-07-25 | CVE-2019-9884 | Forced Browsing vulnerability in Eclass IP 2.5: eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page. | 9.8 |
2019-07-19 | CVE-2019-13981 | Forced Browsing vulnerability in Rangerstudio Directus 7 API: In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. | 5.3 |