Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-06-29 | CVE-2015-1313 | Forced Browsing vulnerability in Jetbrains Teamcity | JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request. | 6.5 |
2023-03-30 | CVE-2023-1699 | Forced Browsing vulnerability in Rapid7 Nexpose | Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. | 9.8 |
2023-03-29 | CVE-2023-1663 | Forced Browsing vulnerability in Synopsys Coverity | Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. | 5.3 |
2023-03-29 | CVE-2023-1682 | Forced Browsing vulnerability in Xunruicms 4.6.1 | A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. | 7.5 |
2023-02-08 | CVE-2022-42438 | Forced Browsing vulnerability in IBM Cloud PAK for Multicloud Management Monitoring | IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. | 8.8 |
2023-01-31 | CVE-2022-47700 | Forced Browsing vulnerability in Comfast Project Cf-Wr623N Firmware | COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. | 7.5 |
2023-01-02 | CVE-2022-4057 | Forced Browsing vulnerability in Optimizingmatters Autooptimize | The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs. | 5.3 |
2022-12-25 | CVE-2022-42953 | Forced Browsing vulnerability in Zkteco products | Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. | 7.5 |
2022-11-23 | CVE-2022-45276 | Forced Browsing vulnerability in Eyunjing Yjcms 1.0.9 | An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. | 9.8 |
2022-11-15 | CVE-2022-40845 | Forced Browsing vulnerability in Tenda W15E Firmware 15.11.0.10(1576) | The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. | 6.5 |