CWE-425 · Direct Request (Forced Browsing)

233 CVEs classified under CWE-425 (Direct Request (Forced Browsing)). Browse by severity and year.

Top CVEs for CWE-425
CVESeverityScorePublishedSummary
CVE-2018-3774Critical10.02018-08-12Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protoco…
CVE-2022-43110Critical9.82025-08-22Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web…
CVE-2025-26689Critical9.82025-03-31Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request…
CVE-2024-24592Critical9.82024-02-06Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, mod…
CVE-2024-0204Critical9.82024-01-22Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
CVE-2022-45276Critical9.82022-11-23An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password.
CVE-2022-26279Critical9.82022-03-24EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
CVE-2021-36560Critical9.82021-11-02Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin.
CVE-2021-36745Critical9.82021-09-29A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProt…
CVE-2021-24215Critical9.82021-04-12An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website custom…
CVE-2019-12768Critical9.82020-12-30An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing.
CVE-2020-24660Critical9.82020-09-14An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submi…
CVE-2020-24203Critical9.82020-08-27Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows…
CVE-2019-16340Critical9.82019-11-21Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.
CVE-2019-9584Critical9.82019-08-14eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the…
CVE-2019-9884Critical9.82019-07-25eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.
CVE-2019-9552Critical9.82019-03-04Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI.
CVE-2019-7736Critical9.82019-02-11D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101.
CVE-2018-18922Critical9.82018-12-13add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.
CVE-2018-19207Critical9.82018-11-12The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prep…