VYPR

CWE-425

Direct Request ('Forced Browsing')

Base · Incomplete

Description

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
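The description above is the whole weakness: access control is tied to the navigation path (the page that links to a resource) rather than to the resource itself, so a client that types or guesses the URL skips the check. The following is an added example, not code from this page or from any product in the CVE list. It models a tiny dispatcher with a vulnerable handler beside a deny-by-default hardened one, plus the wordlist probe a tester would run against both; every route, role, resource and wordlist entry is constructed for illustration.

```python
# Added illustration of CWE-425 (forced browsing), not code from the page or any listed product.
# All routes, roles, resources and the probe wordlist below are constructed for the example.
import posixpath
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional, Tuple

Response = Tuple[int, str]


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


ANON = User("anonymous", frozenset())
ADMIN = User("alice", frozenset({"admin"}))

# Constructed resources; the admin ones are "hidden" only by not being linked from public pages.
RESOURCES: Dict[str, str] = {
    "/admin/export": "all customer records",
    "/admin/config.bak": "database credentials",
    "/reports/1042": "quarterly report",
    "/public/help": "help page",
}


def vulnerable_handle(path: str, user: User) -> Response:
    """Checks the role only on the /admin landing page that links to the restricted files.
    A direct request for one of those files never reaches that check (CWE-425)."""
    if path == "/admin":
        if "admin" not in user.roles:
            return 403, "forbidden"
        return 200, "links: /admin/export /admin/config.bak"
    if path in RESOURCES:
        return 200, RESOURCES[path]  # served to anyone who knows or guesses the URL
    return 404, "not found"


# Hardened variant: deny by default. Every servable path has an explicit policy entry
# (None = public). Anything unmapped is refused, so a forgotten route cannot leak.
ROUTE_POLICY: Dict[str, Optional[str]] = {
    "/admin": "admin",
    "/admin/export": "admin",
    "/admin/config.bak": "admin",
    "/reports/1042": "analyst",
    "/public/help": None,
}


def canonical(path: str) -> str:
    """Collapse '//', '/./' and '/../' and force a single leading slash, so the policy
    lookup sees the same key the file layer would resolve. Without this, a request for
    '/admin//export' would miss a raw string match on '/admin/export'."""
    return "/" + posixpath.normpath("/" + path).lstrip("/")


def hardened_handle(path: str, user: User) -> Response:
    path = canonical(path)
    if path not in ROUTE_POLICY:
        return 404, "not found"
    required = ROUTE_POLICY[path]
    if required is not None and required not in user.roles:
        return 403, "forbidden"
    if path == "/admin":
        return 200, "links: /admin/export /admin/config.bak"
    return 200, RESOURCES[path]


def forced_browse(handler: Callable[[str, User], Response],
                  wordlist: Iterable[str], user: User = ANON) -> List[str]:
    """Request each candidate path directly as `user` and report the ones that return
    content. This is the probe a tester runs with a wordlist; compare the result with
    what that role is supposed to see."""
    return sorted(p for p in wordlist if handler(p, user)[0] == 200)


# Constructed probe list: the unlinked admin paths plus a couple of common guesses.
WORDLIST = ["/admin", "/admin/export", "/admin//export", "/admin/config.bak",
            "/reports/1042", "/public/help", "/backup.zip"]

if __name__ == "__main__":
    print("vulnerable, anonymous:", forced_browse(vulnerable_handle, WORDLIST))
    print("hardened, anonymous:  ", forced_browse(hardened_handle, WORDLIST))
    print("hardened, admin:      ", forced_browse(hardened_handle, WORDLIST, ADMIN))
```

Run as a script, the anonymous probe against the vulnerable handler lists every admin file even though `/admin` itself answers 403, which is exactly the pattern behind the entries on this page that are described as "direct request to known endpoints". Against the hardened handler the same probe sees only the explicitly public path. The two checks that matter are that the policy is keyed on the canonical path and that an unmapped path is refused rather than served.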

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-127 · CAPEC-143 · CAPEC-144 · CAPEC-668 · CAPEC-87

CVEs mapped to this weakness (77)

page 3 of 4
  • CVE-2024-9945 · Med · Dec 13, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders.

  • CVE-2024-7153 · Med · Jul 27, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the…

  • CVE-2024-6414 · Med · Jun 30, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    A vulnerability classified as problematic has been found in Parsec Automation TrakSYS 11.x.x. Affected is an unknown function of the file TS/export/contentpage of the component Export Page. The manipulation of the argument ID leads to direct request. It is possible to launch the…

  • CVE-2024-2730 · Med · Apr 10, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available

  • CVE-2025-31971 · Med · Aug 28, 2025
    risk 0.33 · cvss 5.1 · epss 0.00

    AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow attackers to launch a server-side request forgery (SSRF) attack enabling unauthorized network calls from the system, potentially exposing internal services or sensitive information.

  • CVE-2026-11986 · Med · Jun 11, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a…

  • CVE-2026-7500 · Med · Apr 30, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional — including both read and write operations — because they lack the…

  • CVE-2024-58343 · Med · Apr 16, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.

  • CVE-2025-27581 · Med · Apr 24, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints.

  • CVE-2018-11346 · Med · May 22, 2018
    risk 0.28 · cvss 4.3 · epss 0.01

    An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.

  • CVE-2018-0266 · Med · Apr 19, 2018
    risk 0.28 · cvss 4.3 · epss 0.02

    A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this…

  • CVE-2026-8205 · Med · May 21, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS…

  • CVE-2025-53073 · Med · Jun 24, 2025
    risk 0.27 · cvss 4.2 · epss 0.00

    In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known (it is not treated as a secret and…

  • CVE-2025-48202 · Med · May 21, 2025
    risk 0.27 · cvss 5.3 · epss 0.00

    The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.

  • CVE-2025-15153 · Low · Dec 28, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of…

  • CVE-2025-14697 · Low · Dec 15, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may…

  • CVE-2025-11280 · Low · Oct 5, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The…

  • CVE-2017-2161 · Low · May 22, 2017
    risk 0.23 · cvss 3.5 · epss 0.00

    FlashAirTM SDHC Memory Card (SD-WE Series ) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series ) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors.

  • CVE-2025-10287 · Low · Sep 12, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    A vulnerability has been found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The affected element is an unknown function of the file /auth/orderQuery. Such manipulation of the argument orderNo leads to direct request. The attack may be performed from…

  • CVE-2005-1827 · May 26, 2005
    risk 0.05 · cvss · epss 0.20

    D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.