Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-425

CWE-425

Direct Request ('Forced Browsing')

Parent: CWE-862 - Missing Authorization

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

226 vulnerabilities with CWE-425

CVE-2023-3426 MEDIUM

Liferay Portal 7.4.3.81-7.4.3.85 and DXP 7.4 update 81-85 - Authenticated Missing Authorization in Organization Selector

CVE-2023-3792 MEDIUM

Beijing Netcon NS-ASG 6.3 - Direct Request

CVE-2023-22834 LOW

Contour < 9.642.0 - Missing Authorization for Analysis Creation

CVE-2023-28160 MEDIUM

Firefox < 111.0 - Information Disclosure via Web Extension File Redirect

CVE-2023-2524 MEDIUM

Control iD RHiD 23.3.19.0 - Open Redirect

CVE-2023-1699 MEDIUM

Rapid7 Nexpose <6.6.187 - Forced Browsing

CVE-2023-1663 MEDIUM

Coverity <2023.3.2 - Info Disclosure

CVE-2023-1682 MEDIUM

Xunrui CMS 4.61 - Direct Request Exposure via Install.txt

CVE-2022-43110 CRITICAL

Voltronic Power ViewPower <1.04-21353 & PowerShield Netguard <1.04-...

CVE-2022-42438 HIGH

IBM Cloud Pak for Multicloud Management Monitoring <2.4 - Info Disc...

CVE-2022-47700 HIGH

COMFAST CF-WR623N <V2.3.0.1 - Auth Bypass

CVE-2022-4057 MEDIUM

Autoptimize <3.1.0 - Info Disclosure

CVE-2022-42953 HIGH

ZKTeco ZEM and ZMM Firmware - Unauthenticated Sensitive Information Exposure via Direct Request

CVE-2022-25626 MEDIUM

Symantec Identity Governance and Administration - Unauthenticated Forced Browsing

CVE-2022-45276 CRITICAL

YJCMS 1.0.9 - Unauthenticated Administrator Password Exposure via User Edit Endpoint

CVE-2022-40845 MEDIUM

Tenda AC1200 Router W15Ev2 V15.11.0.10(1576) - Info Disclosure

CVE-2022-42197 MEDIUM

Simple Exam Reviewer Management System <1.0 - Privilege Escalation

CVE-2022-42238 HIGH

Merchandise Online Store 1.0 - Vertical Privilege Escalation via Direct Request

CVE-2022-41746 CRITICAL

Trend Micro Apex One - Privilege Escalation

CVE-2022-36158 HIGH

Contec FXA3200 <1.13.00 - Command Injection

CVE-2022-2551 HIGH

Duplicator <1.4.7 - Info Disclosure

CVE-2022-2544 HIGH

Ninja Job Board <1.3.3 - Path Traversal

CVE-2022-34574 MEDIUM

Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 - Info Disclo...

CVE-2022-34573 MEDIUM

Wavlink WiFi-Repeater - Info Disclosure

CVE-2022-34572 MEDIUM

Wavlink WiFi-Repeater - Info Disclosure

Previous Page 4 of 10 Next

Details

Vulnerabilities 226

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy