Lucene search
K

199 matches found

CNNVD
CNNVD
added 2025/08/15 12:0 a.m.7 views

Drupal Config Pages 安全漏洞

Drupal Config Pages is a configuration page plugin for the Drupal community. A security vulnerability exists in Drupal Config Pages versions prior to 2.18.0, which stems from a lack of authorization and could lead to forced browsing...

7.6CVSS6.7AI score0.00253EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.6 views

Drupal File Download 安全漏洞

Drupal File Download is a file download plugin for the Drupal community. A security vulnerability exists in Drupal File Download versions prior to 1.9.0 and prior to 2.0.1, which stems from a lack of authorization and could lead to a forced browsing attack...

7.5CVSS6.6AI score0.0035EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/28 6:19 a.m.12 views

CVE-2025-41404

Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...

5.3CVSS4.4AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 2025/06/26 6:15 a.m.7 views

CVE-2025-41404

Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...

5.3CVSS5.7AI score0.00206EPSS
Exploits0References2
NVD
NVD
added 2025/06/26 6:15 a.m.6 views

CVE-2025-41404

Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...

5.3CVSS0.00206EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/06/26 6:13 a.m.6 views

Multiple vulnerabilities in iroha Board

Overview iroha Board provided by iroha Soft Co., Ltd. contains multiple vulnerabilities listed below. Forced browsing CWE-425 - CVE-2025-41404 Cross-site request forgery CWE-352 - CVE-2025-48497 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC...

5.3CVSS7AI score0.00206EPSS
Exploits0References6
CVE
CVE
added 2025/06/26 6:4 a.m.38 views

CVE-2025-41404

CVE-2025-41404 affects iroha Board up to v0.10.12. The vulnerability is a direct request/forced browsing issue that could allow an attacker who is logged in to view non‑public contents. The issue is confirmed across multiple sources (e.g., Red Hat, JVN, NVD). A fix is available in iroha Board v0....

5.3CVSS7AI score0.00206EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/26 6:4 a.m.4 views

CVE-2025-41404

Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...

5.3CVSS7AI score0.00206EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/26 6:4 a.m.23 views

CVE-2025-41404

Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...

5.3CVSS0.00206EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.8 views

PT-2025-26940 · Unknown · Iroha Board

Name of the Vulnerable Software and Affected Versions: iroha Board versions 0.10.12 and earlier Description: The issue is related to a direct request problem, also known as forced browsing or navegación forzada, which could allow an attacker who has logged in to the affected product to access...

5.3CVSS6.8AI score0.00206EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/06/26 12:0 a.m.9 views

JVN#92520966: Multiple vulnerabilities in iroha Board

iroha Board provided by iroha Soft Co., Ltd. contains multiple vulnerabilities listed below. Forced browsing CWE-425 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score 4.3 CVE-2025-41404 Cross-site request forgery...

5.3CVSS5.1AI score0.00206EPSS
Exploits0
CNNVD
CNNVD
added 2025/06/13 12:0 a.m.4 views

Drupal Bookable Calendar 安全漏洞

Drupal Bookable Calendar is a calendar plugin for the Drupal community. A security vulnerability exists in Drupal Bookable Calendar versions prior to 2.2.13, which stems from a lack of authorization and may result in forced browsing...

6.5CVSS6.6AI score0.00195EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/11 12:0 a.m.6 views

Drupal Quick Node Block 安全漏洞

Drupal Quick Node Block is a Drupal plugin for the Drupal community. A security vulnerability exists in Drupal Quick Node Block versions prior to 2.0.0, which stems from a lack of authorization and could lead to forced browsing...

5.3CVSS6.4AI score0.00229EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/11 12:0 a.m.5 views

Drupal Quick Node Block 安全漏洞

Drupal Quick Node Block is a Drupal plugin for the Drupal community. A security vulnerability exists in Drupal Quick Node Block versions prior to 2.0.0, which stems from a lack of authorization and could lead to forced browsing...

5.3CVSS6.4AI score0.00229EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 2:21 a.m.7 views

CVE-2023-45596

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “fileconfiguration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

5.3CVSS7.1AI score0.00487EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/21 7:51 p.m.2 views

Direct Request ('Forced Browsing')

Overview nitsan/ns-backup is an extension for TYPO3 that lets you save your code, files, and database with just a few clicks. Install Backup Plus and connect it to your cloud storage like Google Drive, Dropbox, Amazon S3, SFTP, Rsync, etc.. Affected versions of this package are vulnerable to Dire...

8.6CVSS6.9AI score0.00301EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.5 views

Drupal Enterprise MFA - TFA for Drupal 安全漏洞

Drupal Enterprise MFA - TFA for Drupal is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Enterprise MFA - TFA for Drupal versions prior to 5.2.0, which stems from a lack of authorization and may result in forced browsing...

6.5CVSS6.6AI score0.00207EPSS
Exploits0References2
Snyk
Snyk
added 2025/05/02 9:30 p.m.3 views

Direct Request ('Forced Browsing')

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Direct Request 'Forced Browsing' due to improper authorization checks. An attacker can access sensitive asset information without the required permissions by exploiting the...

5.3CVSS6.7AI score0.01189EPSS
Exploits4References2
RedhatCVE
RedhatCVE
added 2025/04/25 11:44 p.m.5 views

CVE-2025-2595

An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing...

5.3CVSS7.2AI score0.0041EPSS
Exploits0References1
NVD
NVD
added 2025/04/23 8:15 a.m.15 views

CVE-2025-2595

An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing...

5.3CVSS0.0041EPSS
Exploits0References1
Rows per page
Query Builder