Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-07-25 | CVE-2022-1551 | Forced Browsing vulnerability in Smartypantsplugins SP Project & Document Manager | The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files; bad actors could use that to access other users' sensitive files. | 6.5 |
2022-07-19 | CVE-2022-2192 | Forced Browsing vulnerability in Hypr Server 6.10/6.14.1/6.15.1 | Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. | 8.8 |
2022-06-14 | CVE-2022-31847 | Forced Browsing vulnerability in Wavlink Wn579X3 Firmware M79X3.V5030.180719 | A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request. | 7.5 |
2022-06-14 | CVE-2021-40616 | Forced Browsing vulnerability in Thinkcmf 5.1.7 | thinkcmf v5.1.7 has an unauthorized vulnerability. | 6.5 |
2022-06-10 | CVE-2021-44582 | Forced Browsing vulnerability in Money Transfer Management System Project Money Transfer Management System 1.0 | A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL. | 8.8 |
2022-06-06 | CVE-2022-31480 | Forced Browsing vulnerability in multiple products | An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). | 7.5 |
2022-06-06 | CVE-2022-31484 | Forced Browsing vulnerability in multiple products | An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. | 7.5 |
2022-06-06 | CVE-2022-31485 | Forced Browsing vulnerability in multiple products | An unauthenticated attacker can send specially crafted packets to update the “notes” section of the home page of the web interface. | 5.3 |
2022-06-02 | CVE-2022-28799 | Forced Browsing vulnerability in Tiktok | The TikTok application before 23.7.3 for Android allows account takeover. | 8.8 |
2022-05-20 | CVE-2022-28991 | Forced Browsing vulnerability in Bdtask Multi Store Inventory Management System 1.0 | Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files. | 7.5 |