Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-425

CWE-425

Direct Request ('Forced Browsing')

Parent: CWE-862 - Missing Authorization

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

223 vulnerabilities with CWE-425

CVE-2024-33897 CRITICAL

HMS Networks Cosy+ - DoS

CVE-2024-7153 MEDIUM

Netgear WN604 <20240719 - Direct Request

CVE-2024-7080 MEDIUM

Munyweki Insurance Management System - Path Traversal

CVE-2024-39868 HIGH

SINEMA Remote Connect Server <V3.2 SP1 - Auth Bypass

CVE-2024-39867 HIGH

SINEMA Remote Connect Server <V3.2 SP1 - Info Disclosure

CVE-2024-6414 MEDIUM

Parsec Automation TrakSYS 11.x.x - Info Disclosure

CVE-2024-6188 MEDIUM

Parsec Automation TrackSYS 11.x.x - Info Disclosure

CVE-2024-2730 MEDIUM

Mautic - Info Disclosure

CVE-2024-0861 MEDIUM

GitLab EE <16.7.6-16.9.1 - Privilege Escalation

CVE-2024-24592 CRITICAL

Allegro AI's ClearML - Info Disclosure

CVE-2024-0456 MEDIUM

GitLab <14.0-16.8.1 - Auth Bypass

CVE-2024-0204 CRITICAL

Fortra GoAnywhere MFT Unauthenticated Remote Code Execution

CVE-2023-45598 MEDIUM

AiLux imx6 <imx6_1.0.7-2 - Info Disclosure

CVE-2023-45596 MEDIUM

AiLux imx6 <imx6_1.0.7-2 - Info Disclosure

CVE-2023-46186 MEDIUM

IBM Jazz for Service Management <1.1.3.20 - Info Disclosure

CVE-2023-50935 MEDIUM

IBM PowerSC - Privilege Escalation

CVE-2023-44320 MEDIUM

RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE...

CVE-2023-5786 MEDIUM

GeoServer GeoWebCache <1.15.1 - Direct Request

CVE-2023-5702 MEDIUM

Viessmann Vitogate 300 <2.1.3.0 - Direct Request

CVE-2023-45809 LOW

Torchbox Wagtail < 4.1.9 - Information Disclosure

CVE-2023-4018 MEDIUM

GitLab <16.2.5-16.3.1 - Info Disclosure

CVE-2023-4544 MEDIUM

Byzoro Smart S85F Management Platform <20230809 - Direct Request

CVE-2023-3426 MEDIUM

Liferay Digital Experience Platform < 7.4.3.85 - Missing Authorization

CVE-2023-3792 MEDIUM

Beijing Netcon NS-ASG 6.3 - Direct Request

CVE-2023-22834 LOW

Palantir Contour < 9.642.0 - Missing Authorization

Previous Page 3 of 9 Next

Details

Vulnerabilities 223

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy