Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-12 | CVE-2021-24215 | Forced Browsing vulnerability in Wpruby Controlled Admin Access: An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. | 9.8 |
2021-04-06 | CVE-2021-30144 | Forced Browsing vulnerability in Glpi-Project Dashboard: The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. | 4.3 |
2021-03-26 | CVE-2021-22180 | Forced Browsing vulnerability in Gitlab: An issue has been discovered in GitLab affecting all versions starting from 13.4. | 4.3 |
2021-02-16 | CVE-2020-35570 | Forced Browsing vulnerability in multiple products: An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. | 5.3 |
2021-01-17 | CVE-2021-3113 | Forced Browsing vulnerability in Netsia Seba+ 0.16.1: Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. | 7.5 |
2021-01-05 | CVE-2019-20484 | Forced Browsing vulnerability in Vikisolutions Vera 4.9.1.26180: An issue was discovered in Viki Vera 4.9.1.26180. | 8.1 |
2021-01-01 | CVE-2020-35391 | Forced Browsing vulnerability in Tenda F3 Firmware 12.01.01.48: Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. | 6.5 |
2021-01-01 | CVE-2019-25012 | Forced Browsing vulnerability in Webform Report Project Webform Report 7.X1.Xdev: The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. | 7.5 |
2020-12-30 | CVE-2019-12768 | Forced Browsing vulnerability in Dlink Dap-1650 Firmware: An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. | 9.8 |
2020-12-28 | CVE-2020-13474 | Forced Browsing vulnerability in Nchsoftware Express Accounts 8.24: In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users. | 6.5 |