Lucene search
K

199 matches found

CNNVD
CNNVD
added 2026/02/04 12:0 a.m.8 views

Drupal Group invite 安全漏洞

Drupal Group invite is a membership invitation module provided by the Drupal company. Versions prior to 2.3.9, 3.0.4, and 4.0.4 of Drupal Group invite contained security vulnerabilities. These vulnerabilities were due to improper exception condition checks, which could lead to forced browsing...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.8 views

Drupal Canvas 安全漏洞

Drupal Canvas is a page builder developed by the Drupal company. Versions of Drupal Canvas prior to 1.0.4 contained security vulnerabilities, which were due to improper authorization and could lead to forced browsing...

4.8CVSS5.8AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.8 views

Drupal Entity Share security vulnerability

Drupal Entity Share is a content sharing plugin for the Drupal community. Versions of Drupal Entity Share prior to 3.13.0 contained a security vulnerability, which was caused by improper authorization and could lead to forced browsing...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.7 views

Drupal HTTP Client Manager security vulnerability

The Drupal HTTP Client Manager is an HTTP client management plugin for the Drupal community. Versions prior to 9.3.13, 10.0.2, and 11.0.1 of the Drupal HTTP Client Manager contained security vulnerabilities. These vulnerabilities were due to improper exception condition checks, which could lead t...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.6 views

CVE-2020-7541

A CWE-425: Direct Request 'Forced Browsing' vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause disclosure of sensitive data when sending a...

5.3CVSS6.8AI score0.00898EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.6 views

CVE-2023-45598

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

5.3CVSS7.1AI score0.00487EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/12/19 11:47 a.m.3 views

CVE-2025-1885

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Phishing, Forceful Browsing. This issue affects Online Food Delivery System: through 19122025. NOTE: The vendor was contacted early about this disclosure bu...

5.4CVSS5.4AI score0.00147EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.6 views

PT-2025-52441

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Phishing, Forceful Browsing.This issue affects Online Food Delivery System: through 19122025...

5.4CVSS6.8AI score0.00147EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/10 6:14 p.m.11 views

CVE-2025-57823

A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...

2.7CVSS6.7AI score0.00202EPSS
Exploits0References1
OSV
OSV
added 2025/12/09 6:15 p.m.5 views

CVE-2025-57823

A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...

2.7CVSS5.8AI score0.00202EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 6:15 p.m.6 views

CVE-2025-57823

A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...

2.7CVSS0.00202EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 5:18 p.m.24 views

CVE-2025-57823

A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...

2.7CVSS0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 5:18 p.m.3 views

CVE-2025-57823

A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...

2.7CVSS6.2AI score0.00202EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 5:18 p.m.8 views

EUVD-2025-202275

A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...

2.7CVSS6.1AI score0.00202EPSS
Exploits0References2
CVE
CVE
added 2025/12/09 5:18 p.m.18 views

CVE-2025-57823

CVE-2025-57823 affects Fortinet FortiAuthenticator 6.3–6.6.x (including 6.3, 6.4, 6.5, 6.6.0–6.6.6). It is a direct request (forced browsing) vulnerability that an authenticated user with sponsor permissions can use to read and download device logs by accessing specific endpoints. Impact is limit...

2.7CVSS6.2AI score0.00202EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.8 views

PT-2025-49245

Name of the Vulnerable Software and Affected Versions Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace versions 2025.1.2 and prior Description Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace versions 2025.1.2 and prior are susceptible to a Direct...

9CVSS6.8AI score0.00281EPSS
Exploits0References5
OSV
OSV
added 2025/12/02 12:5 p.m.6 views

BIT-GITLAB-2025-6195 Direct Request ('Forced Browsing') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration conditions...

4.3CVSS6.4AI score0.00278EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/26 7:46 p.m.2 views

CVE-2025-6195 Direct Request ('Forced Browsing') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration conditions...

4.3CVSS6.1AI score0.00278EPSS
Exploits0References3
CVE
CVE
added 2025/11/26 7:46 p.m.26 views

CVE-2025-6195

CVE-2025-6195 : GitLab EE had a fix for an issue that could allow an authenticated user to view information from security reports under certain configuration conditions. The vulnerability affected all GitLab CE/EE versions up to: 13.7 before 18.4.5; 18.5 before 18.5.3; 18.6 before 18.6.1. The rem...

4.3CVSS6.1AI score0.00278EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/11/26 7:46 p.m.14 views

CVE-2025-6195 Direct Request ('Forced Browsing') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration conditions...

4.3CVSS0.00278EPSS
Exploits0References3
Rows per page
Query Builder