Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-425

CWE-425

Direct Request ('Forced Browsing')

Parent: CWE-862 - Missing Authorization

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

226 vulnerabilities with CWE-425

CVE-2020-13850 HIGH

Artica Pandora FMS 7.44 - Info Disclosure

CVE-2020-11561 HIGH

NCH Express Invoice 7.25 - Privilege Escalation

CVE-2020-10248 HIGH

BWA DiREX-Pro <1.2181 - Info Disclosure

CVE-2020-8439 MEDIUM

Monstra CMS <3.0.4 - Privilege Escalation

CVE-2019-20484 HIGH

Viki Vera <4.9.1.26180 - Info Disclosure

CVE-2019-25012 HIGH

Webform Report <7.x-1.x-dev - Info Disclosure

CVE-2019-12768 CRITICAL

D-Link DAP-1650 <1.04B02_J65H - Auth Bypass

CVE-2019-2388 MEDIUM

MongoDB Ops Manager <4.0.9-4.1.5 - Info Disclosure

CVE-2019-17646 HIGH

Centreon <19.10.2 - Info Disclosure

CVE-2019-17645 HIGH

Centreon <2.8.31, 18.10.9, 19.04.6, 19.10.3 - Info Disclosure

CVE-2019-17644 HIGH

Centreon <2.8-30, 18.10-8, 19.04-5, 19.10-2 - Info Disclosure

CVE-2019-17643 HIGH

Centreon <2.8-30,18.10-8,19.04-5,19.10-2 - Info Disclosure

CVE-2019-16388 MEDIUM

PEGA Platform 8.3.0 - Info Disclosure

CVE-2019-16386 MEDIUM

PEGA Platform 7.x-8.x - Info Disclosure

CVE-2019-16340 CRITICAL

Belkin Linksys Velop <1.1.8.192419 - Info Disclosure

CVE-2019-14927 HIGH

Mitsubishi Electric and INEA ME-RTU Firmware < 2.02 and < 3.0 - Unauthenticated Sensitive Configuration Download

CVE-2019-17503 MEDIUM

Kirona DRS 5.5.3.5 - Info Disclosure

CVE-2019-11326 HIGH

Topcon Positioning Net-G5 GNSS Receiver <5.2.2 - Info Disclosure

CVE-2019-1220 MEDIUM

Internet Explorer - Security Feature Bypass via URL Security Zone Validation

CVE-2019-9584 CRITICAL

eQ-3 Homematic AddOn 'CloudMatic' - Privilege Escalation

CVE-2019-13030 HIGH

eQ-3 Homematic CCU3 - Info Disclosure

CVE-2019-14347 HIGH

Schben Adive < 2.0.7 - Privilege Escalation via User Addition

CVE-2019-9884 CRITICAL

eClass platform < ip.2.5.10.2.1 - Auth Bypass

CVE-2019-13981 MEDIUM

Directus 7 API <2.3.0 - Info Disclosure

CVE-2019-12583 CRITICAL

Zyxel UAG/USG/ZyWall Firmware - Unauthenticated Guest Account Generation via Free Time Component

Previous Page 7 of 10 Next

Details

Vulnerabilities 226

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy