Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-04-22 | CVE-2021-24238 | Forced Browsing vulnerability in Purethemes Findeo and Realteo | The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the property requested for deletion belongs to the user making the request, allowing any authenticated user to delete arbitrary properties by tampering with the property_id parameter. | 6.5 |
2021-04-12 | CVE-2021-24215 | Forced Browsing vulnerability in Wpruby Controlled Admin Access | An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. | 9.8 |
2021-04-06 | CVE-2021-30144 | Forced Browsing vulnerability in Glpi-Project Dashboard | The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. | 4.3 |
2021-03-26 | CVE-2021-22180 | Forced Browsing vulnerability in Gitlab | An issue has been discovered in GitLab affecting all versions starting from 13.4. | 4.3 |
2021-02-16 | CVE-2020-35570 | Forced Browsing vulnerability in multiple products | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. | 5.3 |
2021-01-17 | CVE-2021-3113 | Forced Browsing vulnerability in Netsia Seba+ 0.16.1 | Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. | 7.5 |
2021-01-05 | CVE-2019-20484 | Forced Browsing vulnerability in Vikisolutions Vera 4.9.1.26180 | An issue was discovered in Viki Vera 4.9.1.26180. | 8.1 |
2021-01-01 | CVE-2020-35391 | Forced Browsing vulnerability in Tenda F3 Firmware 12.01.01.48 | Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. | 6.5 |
2021-01-01 | CVE-2019-25012 | Forced Browsing vulnerability in Webform Report Project Webform Report 7.X1.Xdev | The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. | 7.5 |
2020-12-30 | CVE-2019-12768 | Forced Browsing vulnerability in Dlink Dap-1650 Firmware | An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. | 9.8 |