Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-30 | CVE-2023-1699 | Forced Browsing vulnerability in Rapid7 Nexpose: Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. | 9.8 |
2023-03-29 | CVE-2023-1663 | Forced Browsing vulnerability in Synopsys Coverity: Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. | 5.3 |
2023-03-29 | CVE-2023-1682 | Forced Browsing vulnerability in Xunruicms 4.6.1: A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. | 7.5 |
2023-02-08 | CVE-2022-42438 | Forced Browsing vulnerability in IBM Cloud PAK for Multicloud Management Monitoring: IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. | 8.8 |
2023-01-31 | CVE-2022-47700 | Forced Browsing vulnerability in Comfast Project Cf-Wr623N Firmware: COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. | 7.5 |
2023-01-02 | CVE-2022-4057 | Forced Browsing vulnerability in Optimizingmatters Autoptimize: The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs. | 5.3 |
2022-12-25 | CVE-2022-42953 | Forced Browsing vulnerability in Zkteco products: Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. | 7.5 |
2022-11-23 | CVE-2022-45276 | Forced Browsing vulnerability in Eyunjing Yjcms 1.0.9: An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. | 9.8 |
2022-11-15 | CVE-2022-40845 | Forced Browsing vulnerability in Tenda W15E Firmware 15.11.0.10(1576): The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. | 6.5 |
2022-10-20 | CVE-2022-42197 | Forced Browsing vulnerability in Simple Exam Reviewer Management System Project Simple Exam Reviewer Management System 1.0: In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges. | 6.5 |