Lucene search
+L

204 matches found

NVD
NVD
added yesterday8 views

CVE-2026-21760

HCL DevOps Loop is affected by an Unauthorized Access to Admin Functionality Forced Browsing vulnerability. Improper authorization checks may allow unauthorized users to access restricted administrative functionality by directly accessing protected application endpoints...

4.6CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-21760

CVE-2026-21760 affects HCL DevOps Loop with an unauthorized access via forced browsing. The root cause is improper authorization checks that permit direct access to protected admin endpoints. CVSSv3.1 metrics indicate Network attack vector, Low privileges required, User interaction required, with...

4.6CVSS5.3AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-21760

HCL DevOps Loop is affected by an Unauthorized Access to Admin Functionality Forced Browsing vulnerability. Improper authorization checks may allow unauthorized users to access restricted administrative functionality by directly accessing protected application endpoints...

4.6CVSS5.3AI score
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday6 views

EUVD-2026-45230

HCL DevOps Loop is affected by an Unauthorized Access to Admin Functionality Forced Browsing vulnerability. Improper authorization checks may allow unauthorized users to access restricted administrative functionality by directly accessing protected application endpoints...

4.6CVSS5.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday21 views

CVE-2026-21760 Unauthorized Access to Admin Functionality via Forced Browsing

HCL DevOps Loop is affected by an Unauthorized Access to Admin Functionality Forced Browsing vulnerability. Improper authorization checks may allow unauthorized users to access restricted administrative functionality by directly accessing protected application endpoints...

4.6CVSS
Exploits0References1
Snyk
Snyk
added 2026/06/11 2:17 p.m.7 views

Direct Request ('Forced Browsing')

Overview Affected versions of this package are vulnerable to Direct Request 'Forced Browsing' due to missing granular authorization checks in the bulk role-mapping-delete endpoints POST /admin/realms/realm/ui-ext/role-mapping-delete/users/id and POST...

6.9CVSS6.1AI score0.00201EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.10 views

Direct Request ('Forced Browsing')

Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Direct Request 'Forced Browsing' via...

8.2CVSS5.4AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.7 views

Direct Request ('Forced Browsing')

Overview org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable t...

8.2CVSS5.4AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/02 2:50 a.m.8 views

Direct Request ('Forced Browsing')

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Direct Request 'Forced Browsing' in the Gateway API endpoints due ...

7.1CVSS6.6AI score0.00244EPSS
Exploits1References2
Hacker One
Hacker One
added 2026/05/26 5:19 a.m.22 views

curl: Mentioned unites are at the same time .Then we have to increase the bounty.

Summary: Once you done with the coding then we have to increase the bounty and then write the reviwe on the same Once we find the error then we have to submit the margin and find the events Affected version Use a language that is not susceptible to these issues. However, be careful of null byte...

5.7AI score
Exploits0
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

Drupal Node View Permissions 代码问题漏洞

Drupal Node View Permissions is a Drupal content access control module developed by the Drupal company. There is a code vulnerability in Drupal Node View Permissions, which stems from improper checks for exceptional or special cases, potentially leading to forced browsing. The following versions...

3.7CVSS5.9AI score0.00214EPSS
Exploits0References1
OSV
OSV
added 2026/04/30 3:30 p.m.22 views

GHSA-HM32-HFMW-RHVG Keycloak has a Forced Browsing issue

When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...

5.4CVSS5.8AI score0.00232EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/04/30 3:30 p.m.13 views

Keycloak has a Forced Browsing issue

When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...

5.4CVSS5.8AI score0.00232EPSS
Exploits0References10Affected Software1
Snyk
Snyk
added 2026/04/30 12:0 a.m.7 views

Forced Browsing

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Forced Browsing via the account and account-api features when the server is started with...

5.4CVSS5.4AI score0.00232EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/26 8:2 p.m.3 views

CVE-2026-3526 File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-021

Incorrect Authorization vulnerability in Drupal File Access Fix deprecated allows Forceful Browsing.This issue affects File Access Fix deprecated: from 0.0.0 before 1.2.0...

5.9AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.5 views

CVE-2026-30702

The WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, allowing attackers to bypass authentication by directly accessing restricted web application endpoint...

9.8CVSS5.8AI score0.00369EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

Drupal File Access Fix 安全漏洞

Drupal File Access Fix is a file access repair tool provided by the Drupal company. Versions of Drupal File Access Fix prior to 1.2.0 contained security vulnerabilities; these vulnerabilities were due to improper authorization, which could lead to forced browsing...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

Drupal File Access Fix 安全漏洞

Drupal File Access Fix is a file access repair tool provided by the Drupal company. Versions of Drupal File Access Fix prior to 1.2.0 contained security vulnerabilities; these vulnerabilities were due to improper authorization, which could lead to forced browsing...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

Drupal Unpublished Node Permissions 安全漏洞

Drupal Unpublished Node Permissions is an extension developed by Drupal Corporation that allows for controlling access to unpublished content. Versions of Drupal Unpublished Node Permissions prior to 1.7.0 contained security vulnerabilities; these vulnerabilities were due to improper authorizatio...

7.5CVSS5.8AI score0.00232EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

Drupal Material Icons 安全漏洞

Drupal Material Icons is a module provided by the Drupal company that offers interface icon display and management functions. Versions of Drupal Material Icons prior to 2.0.4 contained security vulnerabilities, which were caused by improper authorization and could lead to forced browsing...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References1
Rows per page
Query Builder