Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-03-09 | CVE-2020-10248 | Forced Browsing vulnerability in Meinbwa Direx-Pro Firmware 1.2181 | BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3. | 7.5 |
2020-03-07 | CVE-2020-8439 | Forced Browsing vulnerability in Monstra | Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI. | 6.5 |
2020-03-05 | CVE-2019-17646 | Forced Browsing vulnerability in Centreon | An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2. | 7.5 |
2020-03-05 | CVE-2019-17645 | Forced Browsing vulnerability in Centreon | An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. | 7.5 |
2020-03-04 | CVE-2019-17644 | Forced Browsing vulnerability in Centreon | An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2. | 7.5 |
2020-03-04 | CVE-2019-17643 | Forced Browsing vulnerability in Centreon | An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2. | 7.5 |
2019-11-26 | CVE-2019-16388 | Forced Browsing vulnerability in Pega Platform 8.3 | PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. | 4.3 |
2019-11-26 | CVE-2019-16386 | Forced Browsing vulnerability in Pega Platform | PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. | 4.3 |
2019-11-21 | CVE-2019-16340 | Forced Browsing vulnerability in Linksys products | Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. | 9.8 |
2019-10-28 | CVE-2019-14927 | Forced Browsing vulnerability in multiple products | An issue was discovered on Mitsubishi Electric Europe B.V. | 7.5 |