Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-16 | CVE-2022-26653 | Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus: Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). | 5.3 |
2022-04-16 | CVE-2022-26777 | Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus: Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. | 5.3 |
2022-04-12 | CVE-2022-27480 | Forced Browsing vulnerability in Siemens products: A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). | 7.5 |
2022-04-09 | CVE-2022-28365 | Forced Browsing vulnerability in Reprisesoftware Reprise License Manager 14.2: Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. | 5.3 |
2022-03-29 | CVE-2022-1077 | Forced Browsing vulnerability in TEM Flex-1080 Firmware and Flex-1085 Firmware: A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. | 7.5 |
2022-03-24 | CVE-2022-26279 | Forced Browsing vulnerability in Eyoucms 1.5.5: EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. | 9.8 |
2022-03-14 | CVE-2022-24385 | Forced Browsing vulnerability in Smartertools Smartertrack: A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | 6.5 |
2022-03-04 | CVE-2021-46378 | Forced Browsing vulnerability in Dlink Dir-850L Firmware 1.08Trb03: DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. | 7.5 |
2022-02-28 | CVE-2022-26159 | Forced Browsing vulnerability in Ametys 4.0.3: The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. | 5.3 |
2022-02-01 | CVE-2022-23607 | Forced Browsing vulnerability in multiple products: treq is an HTTP library inspired by requests but written on top of Twisted's Agents. | 6.5 |