CWE-425
Direct Request ('Forced Browsing')
Description
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-127 · CAPEC-143 · CAPEC-144 · CAPEC-668 · CAPEC-87
CVEs mapped to this weakness (77)
page 3 of 4

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-9945 | | Med | 0.34 | 5.3 | 0.00 | | Dec 13, 2024 | An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders. |
| CVE-2024-7153 | | Med | 0.34 | 5.3 | 0.00 | | Jul 27, 2024 | A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the… |
| CVE-2024-6414 | | Med | 0.34 | 5.3 | 0.01 | | Jun 30, 2024 | A vulnerability classified as problematic has been found in Parsec Automation TrakSYS 11.x.x. Affected is an unknown function of the file TS/export/contentpage of the component Export Page. The manipulation of the argument ID leads to direct request. It is possible to launch the… |
| CVE-2024-2730 | | Med | 0.34 | 5.3 | 0.01 | | Apr 10, 2024 | Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available |
| CVE-2025-31971 | | Med | 0.33 | 5.1 | 0.00 | | Aug 28, 2025 | AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow attackers to launch a server-side request forgery (SSRF) attack enabling unauthorized network calls from the system, potentially exposing internal services or sensitive information. |
| CVE-2026-11986 | | Med | 0.32 | 4.9 | 0.00 | | Jun 11, 2026 | A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a… |
| CVE-2026-7500 | | Med | 0.28 | 5.4 | 0.00 | | Apr 30, 2026 | When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional, including both read and write operations, because they lack the… |
| CVE-2024-58343 | | Med | 0.28 | 4.3 | 0.00 | | Apr 16, 2026 | Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id. |
| CVE-2025-27581 | | Med | 0.28 | 4.3 | 0.00 | | Apr 24, 2025 | NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints. |
| CVE-2018-11346 | | Med | 0.28 | 4.3 | 0.01 | | May 22, 2018 | An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter. |
| CVE-2018-0266 | | Med | 0.28 | 4.3 | 0.02 | | Apr 19, 2018 | A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this… |
| CVE-2026-8205 | | Med | 0.27 | 5.3 | 0.00 | | May 21, 2026 | Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS… |
| CVE-2025-53073 | | Med | 0.27 | 4.2 | 0.00 | | Jun 24, 2025 | In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known (it is not treated as a secret and… |
| CVE-2025-48202 | | Med | 0.27 | 5.3 | 0.00 | | May 21, 2025 | The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference. |
| CVE-2025-15153 | | Low | 0.24 | 3.7 | 0.00 | | Dec 28, 2025 | A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of… |
| CVE-2025-14697 | | Low | 0.24 | 3.7 | 0.00 | | Dec 15, 2025 | A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may… |
| CVE-2025-11280 | | Low | 0.24 | 3.7 | 0.00 | | Oct 5, 2025 | A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The… |
| CVE-2017-2161 | | Low | 0.23 | 3.5 | 0.00 | | May 22, 2017 | FlashAirTM SDHC Memory Card (SD-WE Series) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors. |
| CVE-2025-10287 | | Low | 0.20 | 3.1 | 0.00 | | Sep 12, 2025 | A vulnerability has been found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The affected element is an unknown function of the file /auth/orderQuery. Such manipulation of the argument orderNo leads to direct request. The attack may be performed from… |
| CVE-2005-1827 | | | 0.05 | — | 0.20 | | May 26, 2005 | D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. |