CWE-425

Direct Request ('Forced Browsing')

Parent: CWE-862 - Missing Authorization

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

226 vulnerabilities with CWE-425 (25 shown below)
| CVE | Severity | CVSS | Description |
|---|---|---|---|
| CVE-2024-45195 | HIGH (KEV) | 7.5 | Apache OFBiz <18.12.16 - Info Disclosure |
| CVE-2024-7753 | MEDIUM | 5.3 | SourceCodester Clinics Patient Management System 1.0 - Info Disclosure |
| CVE-2024-42001 | HIGH | 8.6 | Vonets Industrial WiFi Bridge Firmware < 3.3.23.6.9 - Unauthenticated Authentication Bypass via Direct Request |
| CVE-2024-33897 | CRITICAL | 9.1 | HMS Networks ewon Cosy+ Firmware >=21.0s0 <21.2s10 - Availability Issue via Certificate Signing Request |
| CVE-2024-7153 | MEDIUM | 5.3 | Netgear WN604 <20240719 - Direct Request |
| CVE-2024-7080 | MEDIUM | 5.3 | Insurance Management System 1.0 - Path Traversal in /E-Insurance/ |
| CVE-2024-39868 | HIGH | 7.6 | SINEMA Remote Connect Server <V3.2 SP1 - Auth Bypass |
| CVE-2024-39867 | HIGH | 7.6 | SINEMA Remote Connect Server <V3.2 SP1 - Info Disclosure |
| CVE-2024-6414 | MEDIUM | 5.3 | Parsec Automation TrakSYS 11.x.x - Info Disclosure |
| CVE-2024-6188 | MEDIUM | 5.3 | Parsec Automation TrakSYS 11.x.x - Info Disclosure |
| CVE-2024-2730 | MEDIUM | 5.3 | Mautic < 4.4.9 - Unauthenticated Sensitive Data Exposure via Predictable Landing Page Indices |
| CVE-2024-0861 | MEDIUM | 4.3 | GitLab EE <16.7.6-16.9.1 - Privilege Escalation |
| CVE-2024-24592 | CRITICAL | 9.8 | Allegro AI's ClearML - Info Disclosure |
| CVE-2024-0456 | MEDIUM | 4.3 | GitLab 14.0-16.6.5, 16.7.0-16.7.3, 16.8.0 - Unauthenticated Authorization Bypass via Merge Request Assignment |
| CVE-2024-0204 | CRITICAL | 9.8 | Fortra GoAnywhere MFT - Unauthenticated Remote Code Execution |
| CVE-2023-45598 | MEDIUM | 5.3 | AiLux imx6 <imx6_1.0.7-2 - Info Disclosure |
| CVE-2023-45596 | MEDIUM | 5.3 | AiLux imx6 <imx6_1.0.7-2 - Info Disclosure |
| CVE-2023-46186 | MEDIUM | 5.3 | IBM Jazz for Service Management <1.1.3.20 - Info Disclosure |
| CVE-2023-50935 | MEDIUM | 6.5 | IBM PowerSC 1.3, 2.0, and 2.1 - Unauthenticated Direct Request Access |
| CVE-2023-44320 | MEDIUM | 4.3 | RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE... |
| CVE-2023-5786 | MEDIUM | 5.3 | GeoServer GeoWebCache <1.15.1 - Direct Request |
| CVE-2023-5702 | MEDIUM | 4.3 | Viessmann Vitogate 300 <2.1.3.0 - Direct Request |
| CVE-2023-45809 | LOW | 2.7 | Wagtail < 4.1.9 - Authenticated Information Disclosure via User Account Bulk Action URL |
| CVE-2023-4018 | MEDIUM | 4.3 | GitLab <16.2.5-16.3.1 - Info Disclosure |
| CVE-2023-4544 | MEDIUM | 4.3 | Byzoro Smart S85F Management Platform <20230809 - Direct Request |