Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-04 | CVE-2021-46378 | Forced Browsing vulnerability in Dlink Dir-850L Firmware 1.08Trb03: DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. | 7.5 |
2022-02-28 | CVE-2022-26159 | Forced Browsing vulnerability in Ametys 4.0.3: The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. | 5.3 |
2022-02-01 | CVE-2022-23607 | Forced Browsing vulnerability in multiple products: treq is an HTTP library inspired by requests but written on top of Twisted's Agents. | 6.5 |
2022-01-14 | CVE-2021-24046 | Forced Browsing vulnerability in Ray-Ban products: A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. | 5.3 |
2022-01-10 | CVE-2021-42748 | Forced Browsing vulnerability in Fastlinemedia Beaver Builder: In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API. | 5.3 |
2022-01-03 | CVE-2021-24831 | Forced Browsing vulnerability in Rich-Web TAB: All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs. | 7.5 |
2021-11-05 | CVE-2021-42671 | Forced Browsing vulnerability in Engineers Online Portal Project Engineers Online Portal: An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. | 7.5 |
2021-11-02 | CVE-2021-36560 | Forced Browsing vulnerability in Phone Shop Sales Management System Project Phone Shop Sales Management System 1.0: Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin. | 9.8 |
2021-10-15 | CVE-2018-16060 | Forced Browsing vulnerability in Mitsubishielectric Smartrtu Firmware: Mitsubishi Electric Europe B.V. | 7.5 |
2021-09-29 | CVE-2021-36745 | Forced Browsing vulnerability in Trendmicro Serverprotect 5.8/6.0: A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations. | 9.8 |