CWE-425 · Direct Request (Forced Browsing)
233 CVEs classified under CWE-425 (Direct Request (Forced Browsing)).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-3774 | Critical | 10.0 | 2018-08-12 | Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protoco… |
| CVE-2022-43110 | Critical | 9.8 | 2025-08-22 | Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web… |
| CVE-2025-26689 | Critical | 9.8 | 2025-03-31 | Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request… |
| CVE-2024-24592 | Critical | 9.8 | 2024-02-06 | Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, mod… |
| CVE-2024-0204 | Critical | 9.8 | 2024-01-22 | Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. |
| CVE-2022-45276 | Critical | 9.8 | 2022-11-23 | An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. |
| CVE-2022-26279 | Critical | 9.8 | 2022-03-24 | EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. |
| CVE-2021-36560 | Critical | 9.8 | 2021-11-02 | Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin. |
| CVE-2021-36745 | Critical | 9.8 | 2021-09-29 | A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProt… |
| CVE-2021-24215 | Critical | 9.8 | 2021-04-12 | An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website custom… |
| CVE-2019-12768 | Critical | 9.8 | 2020-12-30 | An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing. |
| CVE-2020-24660 | Critical | 9.8 | 2020-09-14 | An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submi… |
| CVE-2020-24203 | Critical | 9.8 | 2020-08-27 | Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows… |
| CVE-2019-16340 | Critical | 9.8 | 2019-11-21 | Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. |
| CVE-2019-9584 | Critical | 9.8 | 2019-08-14 | eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the… |
| CVE-2019-9884 | Critical | 9.8 | 2019-07-25 | eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page. |
| CVE-2019-9552 | Critical | 9.8 | 2019-03-04 | Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI. |
| CVE-2019-7736 | Critical | 9.8 | 2019-02-11 | D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101. |
| CVE-2018-18922 | Critical | 9.8 | 2018-12-13 | add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request. |
| CVE-2018-19207 | Critical | 9.8 | 2018-11-12 | The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prep… |