Vulnerabilities > Direct Request ('Forced Browsing')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2024-03-05 | CVE-2023-45598 | Forced Browsing vulnerability in Ailux Imx6 | A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. | network, low complexity, ailux, CWE-425 | 5.3 |
| 2024-01-22 | CVE-2024-0204 | Forced Browsing vulnerability in Fortra Goanywhere Managed File Transfer | Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. | network, low complexity, fortra, CWE-425 | critical 9.8 |
| 2023-10-26 | CVE-2023-5786 | Forced Browsing vulnerability in Geoserver Geowebcache | A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. | network, low complexity, geoserver, CWE-425 | 8.8 |
| 2023-10-23 | CVE-2023-5702 | Forced Browsing vulnerability in Viessmann Vitogate 300 Firmware 2.1.3.0 | A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. | low complexity, viessmann, CWE-425 | 6.5 |
| 2023-06-29 | CVE-2015-1313 | Forced Browsing vulnerability in Jetbrains Teamcity | JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request. | network, low complexity, jetbrains, CWE-425 | 6.5 |
| 2023-03-30 | CVE-2023-1699 | Forced Browsing vulnerability in Rapid7 Nexpose | Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. | network, low complexity, rapid7, CWE-425 | critical 9.8 |
| 2023-03-29 | CVE-2023-1663 | Forced Browsing vulnerability in Synopsys Coverity | Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. | network, low complexity, synopsys, CWE-425 | 5.3 |
| 2023-03-29 | CVE-2023-1682 | Forced Browsing vulnerability in Xunruicms 4.6.1 | A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. | network, low complexity, xunruicms, CWE-425 | 7.5 |
| 2023-02-08 | CVE-2022-42438 | Forced Browsing vulnerability in IBM Cloud PAK for Multicloud Management Monitoring | IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. | network, low complexity, ibm, CWE-425 | 8.8 |
| 2023-01-31 | CVE-2022-47700 | Forced Browsing vulnerability in Comfast Project Cf-Wr623N Firmware | COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. | network, low complexity, comfast-project, CWE-425 | 7.5 |