Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-12 | CVE-2022-27480 | Forced Browsing vulnerability in Siemens products A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). | 7.5 |
2022-04-09 | CVE-2022-28365 | Forced Browsing vulnerability in Reprisesoftware Reprise License Manager 14.2 Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. | 5.3 |
2022-03-29 | CVE-2022-1077 | Forced Browsing vulnerability in TEM Flex-1080 Firmware and Flex-1085 Firmware A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. | 7.5 |
2022-03-24 | CVE-2022-26279 | Forced Browsing vulnerability in Eyoucms 1.5.5 EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. | 9.8 |
2022-03-14 | CVE-2022-24385 | Forced Browsing vulnerability in Smartertools Smartertrack A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | 4.0 |
2022-02-28 | CVE-2022-26159 | Forced Browsing vulnerability in Ametys 4.0.3 The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. | 5.3 |
2022-02-01 | CVE-2022-23607 | Forced Browsing vulnerability in multiple products treq is an HTTP library inspired by requests but written on top of Twisted's Agents. | 6.5 |
2022-01-14 | CVE-2021-24046 | Forced Browsing vulnerability in Ray-Ban products A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. | 5.0 |
2022-01-10 | CVE-2021-42748 | Forced Browsing vulnerability in Fastlinemedia Beaver Builder In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API. | 5.3 |
2022-01-03 | CVE-2021-24831 | Forced Browsing vulnerability in Rich-Web TAB All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs. | 7.5 |