Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-425

CWE-425

Direct Request ('Forced Browsing')

Parent: CWE-862 - Missing Authorization

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

223 vulnerabilities with CWE-425

CVE-2026-7500 MEDIUM

Org.keycloak.keycloak-services: improper access control on keycloak server when the account account api feature is disabled

CVE-2026-29909 MEDIUM

MRCMS 3.1.2 - Path Traversal

CVE-2026-4900 MEDIUM

code-projects Online Food Ordering System localhost.sql privilege escalation

CVE-2026-34056 HIGH

OpenEMR has a Privilege Escalation that Allows a Low-Level User to View Admin-Only Data

CVE-2026-34051 MEDIUM

OpenEMR has Improper ACL On Import/Export Popup

CVE-2026-4532 MEDIUM

code-projects Simple Food Ordering System Database Backup food.sql file access

CVE-2026-22732 CRITICAL

Under Some Conditions Spring Security HTTP Headers Are not Written

CVE-2026-32867 MEDIUM

OPEXUS eComplaint unauthenticated file upload

CVE-2026-25679 HIGH

url.Parse - Auth Bypass

CVE-2026-1978 MEDIUM

kalyan02 NanoCMS <0.4 - Info Disclosure

CVE-2026-0790 HIGH

Algosolutions 8180 IP Audio Alerter Firmware - Information Disclosure

CVE-2026-0650 CRITICAL

Flagr - Missing Authentication

CVE-2025-15587 HIGH

Credentials exposure in tinycontrol devices

CVE-2025-52024 CRITICAL

Aptsys Gemscms Backend < 2025-05-28 - Missing Authorization

CVE-2025-15153 LOW

PbootCMS <3.2.12 - Info Disclosure

CVE-2025-67844 MEDIUM

Mintlify Platform <2025-11-15 - Info Disclosure

CVE-2025-65011 HIGH

WODESYS WD- R608U - Info Disclosure

CVE-2025-26381 MEDIUM

Unknown - Info Disclosure

CVE-2025-14697 LOW

Shenzhen Sixun Software Sixun Shanghui Group Business Management Sy...

CVE-2025-57823 LOW

Fortinet FortiAuthenticator <6.6.7 - Info Disclosure

CVE-2025-6195 MEDIUM

GitLab EE <18.4.5-18.6.1 - Info Disclosure

CVE-2025-62778 MEDIUM

Frappe Learning <2.39.1 - Info Disclosure

CVE-2025-11280 LOW

Frappe LMS 2.35.0 - Direct Request in Assignment Picture Handler

CVE-2025-59797 MEDIUM

Profession Fit 5.0.99 Build 44910 - Auth Bypass

CVE-2025-10287 LOW

roncoo-pay <9428382af21cd5568319eae7429b7e1d0332ff40 - Unknown Vuln

Page 1 of 9 Next

Details

Vulnerabilities 223

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy