Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-425

CWE-425

Direct Request ('Forced Browsing')

Parent: CWE-862 - Missing Authorization

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

226 vulnerabilities with CWE-425

CVE-2026-34028 MEDIUM

Unauthenticated direct access to web data in Wertheim SafeController Software exposes files

CVE-2026-11986 MEDIUM

Red Hat Keycloak admin-ui-ext - Authorization Bypass in Bulk Role Mapping Deletion

CVE-2026-8205 MEDIUM

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in Calendar Block since action_get_events does not check canView on the calendar

CVE-2026-7500 MEDIUM

Org.keycloak.keycloak-services: improper access control on keycloak server when the account account api feature is disabled

CVE-2026-29909 MEDIUM

MRCMS 3.1.2 - Unauthenticated Directory Enumeration via File Management Module

CVE-2026-4900 MEDIUM

code-projects Online Food Ordering System localhost.sql privilege escalation

CVE-2026-34056 HIGH

OpenEMR <=8.0.0.3 Ensora eRx Logs - Privilege Escalation

CVE-2026-34051 MEDIUM

OpenEMR has Improper ACL On Import/Export Popup

CVE-2026-4532 MEDIUM

code-projects Simple Food Ordering System Database Backup food.sql file access

CVE-2026-22732 CRITICAL

Under Some Conditions Spring Security HTTP Headers Are not Written

CVE-2026-32867 MEDIUM

OPEXUS eComplaint unauthenticated file upload

CVE-2026-25679 HIGH

Go standard library net/url < 1.25.8 and 1.26.0 - Direct Request via Invalid URL Host Parsing

CVE-2026-1978 MEDIUM

kalyan02 NanoCMS <0.4 - Info Disclosure

CVE-2026-0790 HIGH

ALGO 8180 IP Audio Alerter Firmware - Unauthenticated Information Disclosure via Direct Request

CVE-2026-0650 CRITICAL

OpenFlagr <= 1.1.18 - Unauthenticated Authentication Bypass via Path Normalization

CVE-2025-15587 HIGH

Credentials exposure in tinycontrol devices

CVE-2025-52024 CRITICAL

Aptsys POS Platform Web Services < 2025-05-28 - Unauthenticated API Exposure via Internal Testing Tools

CVE-2025-15153 LOW

pbootcms < 3.2.12 - Direct Request Access to SQLite Database File

CVE-2025-67844 MEDIUM

Mintlify Platform <2025-11-15 - Info Disclosure

CVE-2025-65011 HIGH

WODESYS WD- R608U - Info Disclosure

CVE-2025-26381 MEDIUM

Johnson Controls OpenBlue Workplace < 2025.1.2 - Unauthorized Information Access via Forced Browsing

CVE-2025-14697 LOW

Shenzhen Sixun Software Sixun Shanghui Group Business Management Sy...

CVE-2025-57823 LOW

Fortinet FortiAuthenticator <6.6.7 - Info Disclosure

CVE-2025-6195 MEDIUM

GitLab EE <18.4.5-18.6.1 - Info Disclosure

CVE-2025-62778 MEDIUM

Frappe Learning <2.39.1 - Info Disclosure

Page 1 of 10 Next

Details

Vulnerabilities 226

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy