Vulnerabilities > Direct Request ('Forced Browsing')

DATE CVE VULNERABILITY TITLE RISK
2023-01-31 CVE-2022-47700 Forced Browsing vulnerability in Comfast Project Cf-Wr623N Firmware
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control.
network, low complexity, comfast-project, CWE-425, 7.5

2023-01-02 CVE-2022-4057 Forced Browsing vulnerability in Optimizingmatters Autooptimize
The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.
network, low complexity, optimizingmatters, CWE-425, 5.3

2022-12-25 CVE-2022-42953 Forced Browsing vulnerability in Zkteco products
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs.
network, low complexity, zkteco, CWE-425, 7.5

2022-11-23 CVE-2022-45276 Forced Browsing vulnerability in Eyunjing Yjcms 1.0.9
An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password.
network, low complexity, eyunjing, CWE-425, critical, 9.8

2022-11-15 CVE-2022-40845 Forced Browsing vulnerability in Tenda W15E Firmware 15.11.0.10(1576)
The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability.
network, low complexity, tenda, CWE-425, 6.5

2022-10-20 CVE-2022-42197 Forced Browsing vulnerability in Simple Exam Reviewer Management System Project Simple Exam Reviewer Management System 1.0
In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.
6.5

2022-10-11 CVE-2022-42238 Forced Browsing vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0
A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.
network, low complexity, merchandise-online-store-project, CWE-425, 8.8

2022-10-10 CVE-2022-41746 Forced Browsing vulnerability in Trendmicro Apex ONE 2019
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings.
network, low complexity, trendmicro, CWE-425, critical, 9.1

2022-09-26 CVE-2022-36158 Forced Browsing vulnerability in Contec products
Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi).
low complexity, contec, CWE-425, 8.0

2022-07-25 CVE-2022-34570 Forced Browsing vulnerability in Wavlink Wl-Wn579X3 Firmware M79X3.V5030.191012
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page.
network, low complexity, wavlink, CWE-425, 7.5