199 matches found
Drupal Config Pages 安全漏洞
Drupal Config Pages is a configuration page plugin for the Drupal community. A security vulnerability exists in Drupal Config Pages versions prior to 2.18.0, which stems from a lack of authorization and could lead to forced browsing...
Drupal File Download 安全漏洞
Drupal File Download is a file download plugin for the Drupal community. A security vulnerability exists in Drupal File Download versions prior to 1.9.0 and prior to 2.0.1, which stems from a lack of authorization and could lead to a forced browsing attack...
CVE-2025-41404
Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...
CVE-2025-41404
Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...
CVE-2025-41404
Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...
Multiple vulnerabilities in iroha Board
Overview iroha Board provided by iroha Soft Co., Ltd. contains multiple vulnerabilities listed below. Forced browsing CWE-425 - CVE-2025-41404 Cross-site request forgery CWE-352 - CVE-2025-48497 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC...
CVE-2025-41404
CVE-2025-41404 affects iroha Board up to v0.10.12. The vulnerability is a direct request/forced browsing issue that could allow an attacker who is logged in to view non‑public contents. The issue is confirmed across multiple sources (e.g., Red Hat, JVN, NVD). A fix is available in iroha Board v0....
CVE-2025-41404
Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...
CVE-2025-41404
Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...
PT-2025-26940 · Unknown · Iroha Board
Name of the Vulnerable Software and Affected Versions: iroha Board versions 0.10.12 and earlier Description: The issue is related to a direct request problem, also known as forced browsing or navegación forzada, which could allow an attacker who has logged in to the affected product to access...
JVN#92520966: Multiple vulnerabilities in iroha Board
iroha Board provided by iroha Soft Co., Ltd. contains multiple vulnerabilities listed below. Forced browsing CWE-425 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score 4.3 CVE-2025-41404 Cross-site request forgery...
Drupal Bookable Calendar 安全漏洞
Drupal Bookable Calendar is a calendar plugin for the Drupal community. A security vulnerability exists in Drupal Bookable Calendar versions prior to 2.2.13, which stems from a lack of authorization and may result in forced browsing...
Drupal Quick Node Block 安全漏洞
Drupal Quick Node Block is a Drupal plugin for the Drupal community. A security vulnerability exists in Drupal Quick Node Block versions prior to 2.0.0, which stems from a lack of authorization and could lead to forced browsing...
Drupal Quick Node Block 安全漏洞
Drupal Quick Node Block is a Drupal plugin for the Drupal community. A security vulnerability exists in Drupal Quick Node Block versions prior to 2.0.0, which stems from a lack of authorization and could lead to forced browsing...
CVE-2023-45596
A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “fileconfiguration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...
Direct Request ('Forced Browsing')
Overview nitsan/ns-backup is an extension for TYPO3 that lets you save your code, files, and database with just a few clicks. Install Backup Plus and connect it to your cloud storage like Google Drive, Dropbox, Amazon S3, SFTP, Rsync, etc.. Affected versions of this package are vulnerable to Dire...
Drupal Enterprise MFA - TFA for Drupal 安全漏洞
Drupal Enterprise MFA - TFA for Drupal is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Enterprise MFA - TFA for Drupal versions prior to 5.2.0, which stems from a lack of authorization and may result in forced browsing...
Direct Request ('Forced Browsing')
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Direct Request 'Forced Browsing' due to improper authorization checks. An attacker can access sensitive asset information without the required permissions by exploiting the...
CVE-2025-2595
An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing...
CVE-2025-2595
An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing...