Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-03 | CVE-2021-24831 | Forced Browsing vulnerability in Rich-Web TAB: All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as adding, editing or deleting arbitrary tabs. | 7.5 |
2021-11-05 | CVE-2021-42671 | Forced Browsing vulnerability in Engineers Online Portal Project Engineers Online Portal: An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. | 7.5 |
2021-11-02 | CVE-2021-36560 | Forced Browsing vulnerability in Phone Shop Sales Management System Project Phone Shop Sales Management System 1.0: Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin. | 9.8 |
2021-10-15 | CVE-2018-16060 | Forced Browsing vulnerability in Mitsubishielectric Smartrtu Firmware: Mitsubishi Electric Europe B.V. | 7.5 |
2021-09-29 | CVE-2021-36745 | Forced Browsing vulnerability in Trendmicro Serverprotect 5.8/6.0: A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations. | 9.8 |
2021-09-22 | CVE-2021-40875 | Forced Browsing vulnerability in Gurock Testrail: Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. | 7.5 |
2021-08-03 | CVE-2021-26085 | Forced Browsing vulnerability in Atlassian Confluence Server: Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. | 5.3 |
2021-07-30 | CVE-2021-20114 | Forced Browsing vulnerability in Tecnick Tcexam: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. | 7.5 |
2021-05-06 | CVE-2021-28150 | Forced Browsing vulnerability in Hongdian H8922 Firmware 3.0.5: Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi. | 5.5 |
2021-04-22 | CVE-2021-24238 | Forced Browsing vulnerability in Purethemes Findeo and Realteo: The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the property requested for deletion belongs to the user making the request, allowing any authenticated user to delete arbitrary properties by tampering with the property_id parameter. | 6.5 |