Lucene search
K

471 matches found

Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.5 views

PT-2025-2105 · Drupal · Ohdear Integration

Name of the Vulnerable Software and Affected Versions: OhDear Integration versions 0.0.0 through 2.0.3 Description: The issue is related to incorrect authorization in the OhDear Integration module for Drupal, allowing forceful browsing. This can enable a remote attacker to access confidential...

5.3CVSS7.2AI score0.00292EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.5 views

PT-2025-2097 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal Block permissions versions 1.0.0 through 1.2.0 Description: The issue is related to an incorrect authorization mechanism in the Block permissions module of the Drupal CMS system. This can allow a remote attacker to impact the...

10CVSS7.3AI score0.00325EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.4 views

PT-2025-2095 · Drupal · Drupal Persistent Login

Name of the Vulnerable Software and Affected Versions: Drupal Persistent Login versions 0.0.0 through 1.8.0 Drupal Persistent Login versions 2.0. through 2.2.2 Description: The issue is related to insufficient session expiration in the Drupal Persistent Login module, allowing for forceful browsin...

9.8CVSS7.2AI score0.00394EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/18 12:0 a.m.3 views

PT-2025-2092 · Drupal · Drupal Cms +1

Name of the Vulnerable Software and Affected Versions: Drupal Smart IP Ban versions 7.X-1.0 through 7.X-1.0 Description: The issue is related to insufficient authorization mechanisms in the Smart IP Ban module for the Drupal CMS, allowing a remote attacker to view and modify settings. This can le...

9.4CVSS7.3AI score0.00341EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.6 views

PT-2024-10287 · Unknown · File Entity

Name of the Vulnerable Software and Affected Versions: File Entity versions 7.X- before 7.X-2.39 Description: The issue allows for the insertion of sensitive information into sent data, enabling forceful browsing. This can lead to the disclosure of protected information. The estimated number of...

7.8CVSS6.8AI score0.0036EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.7 views

PT-2025-2089 · Drupal · Content Entity Clone

Name of the Vulnerable Software and Affected Versions: Content Entity Clone versions 0.0.0 through 1.0.4 Description: The issue is related to incorrect authorization in the Content Entity Clone module for Drupal, allowing forceful browsing. This can enable a remote attacker to disclose protected...

4.3CVSS7.2AI score0.00296EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/08/28 12:0 a.m.5 views

PT-2025-2087 · Unknown · Advanced Varnish

Name of the Vulnerable Software and Affected Versions: Advanced Varnish versions 0.0.0 through 4.0.10 Description: The issue is related to the insertion of sensitive information into sent data, which can allow forceful browsing. This can be exploited by a remote attacker to bypass security...

5.3CVSS7.1AI score0.00353EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.5 views

PT-2024-10348 · Drupal · Drupal Responsive/Off-Canvas Menu

Name of the Vulnerable Software and Affected Versions: Drupal Responsive and off-canvas menu versions 0.0.0 through 4.4.3 Description: The issue is related to an Incorrect Authorization vulnerability in the Drupal Responsive and off-canvas menu, which allows for Forceful Browsing. This means that...

5.3CVSS7.4AI score0.00334EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/29 12:0 a.m.5 views

PT-2024-10094 · Drupal · Drupal Rest & Json Api Authentication

Name of the Vulnerable Software and Affected Versions: Drupal REST & JSON API Authentication versions 0.0.0 through 2.0.12 Description: The issue is related to an Incorrect Authorization vulnerability in Drupal REST & JSON API Authentication, allowing Forceful Browsing. This can enable a remote...

10CVSS7.5AI score0.00618EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/22 12:0 a.m.5 views

PT-2024-10347 · Drupal · Email Contact

Name of the Vulnerable Software and Affected Versions: Email Contact versions 0.0.0 through 2.0.4 Description: The issue is related to insufficient granularity of access control in the Email Contact module for Drupal, allowing forceful browsing. This can be exploited by a remote attacker to bypas...

7.8CVSS7AI score0.0039EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/04/24 12:0 a.m.10 views

PT-2024-10086 · Drupal · Drupal Advanced Pwa Inc Push Notifications

Name of the Vulnerable Software and Affected Versions: Drupal Advanced PWA inc Push Notifications versions 0.0.0 through 1.5.0 Description: The issue is related to an incorrect authorization vulnerability in the Drupal Advanced PWA inc Push Notifications module, which allows for forceful browsing...

9.1CVSS7.2AI score0.00357EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/01/31 12:0 a.m.9 views

PT-2024-10361 · Drupal · Drupal Entity Delete Log

Name of the Vulnerable Software and Affected Versions: Drupal Entity Delete Log versions 0.0.0 through 1.1.1 Description: The issue is related to a lack of authorization in the Drupal Entity Delete Log, which allows for forceful browsing. This can enable a remote attacker to bypass security...

6.8CVSS7.5AI score0.00262EPSS
Exploits0References6
NVD
NVD
added 2023/06/07 7:15 a.m.24 views

CVE-2023-2187

On Triangle MicroWorks' SCADA Data Gateway version = v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event"...

5.3CVSS5.3AI score0.00593EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2022/04/18 5:8 p.m.418 views

Exploit for Out-of-bounds Write in 7-Zip

7-Zip CVE 2022-29072 - Powershell Detection/Mitigation...

7.8CVSS7.7AI score0.01523EPSS
Exploits8
OSV
OSV
added 2021/02/16 4:15 p.m.6 views

CVE-2020-35570

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files that should have been restricted via forceful browsing...

5.3CVSS6.1AI score0.01249EPSS
Exploits0References3
NVD
NVD
added 2021/02/16 4:15 p.m.25 views

CVE-2020-35570

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files that should have been restricted via forceful browsing...

5.3CVSS0.01249EPSS
Exploits0References3
Prion
Prion
added 2021/02/16 4:15 p.m.21 views

Design/Logic Flaw

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files that should have been restricted via forceful browsing...

5CVSS6.5AI score0.01249EPSS
Exploits0References3Affected Software4
CVE
CVE
added 2021/02/16 3:23 p.m.52 views

CVE-2020-35570

MB connect line products mymbCONNECT24, mbCONNECT24, Helmholz myREX24 and myREX24.virtual (through 2.11.2) are affected by a forceful-browsing vulnerability that allows an unauthenticated attacker to access restricted files. The issue is described under CVE-2020-35570 as an access to restricted f...

5.3CVSS5.9AI score0.01249EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2021/02/16 3:23 p.m.30 views

CVE-2020-35570 Foreced Browsing vulnerability in products of MB connect line and Helmholz

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files that should have been restricted via forceful browsing...

5.3CVSS5.5AI score0.01249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/02/16 12:0 a.m.6 views

PT-2021-11801 · Helmholz +1 · Myrex24.Virtual +2

Name of the Vulnerable Software and Affected Versions: MB connect line mymbCONNECT24 versions through 2.11.2 mbCONNECT24 versions through 2.11.2 Helmholz myREX24 versions through 2.11.2 myREX24.virtual versions through 2.11.2 Description: An issue allows an unauthenticated attacker to access...

5.3CVSS5.2AI score0.01249EPSS
Exploits0References6
Rows per page
Query Builder