CWE-425— Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.— MITRE CWE catalog
223 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-425page 5 of 5
- CVE-2025-57823LOWCVSS 2.7EG 2.72025-12-09
A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated…
- CVE-2025-59797MEDIUMCVSS 5.8EG 5.82025-09-22
Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/{id} and also URLs for eversports, the user-management page, and the plane page.
- CVE-2025-6195MEDIUMCVSS 4.3EG 4.32025-11-26
GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain co…
- CVE-2025-62778MEDIUMCVSS 5.3EG 5.32025-10-27
Frappe Learning is a learning management system. A security issue was identified in Frappe Learning 2.39.1 and earlier, where students were able to access the Quiz Form if they had the URL.
- CVE-2025-6352CRITICALCVSS 9.1EG 5.32025-06-20
A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of the component Backend. The manipulation leads to direct request. It is possible…
- CVE-2025-65011HIGHCVSS 7.1EG 7.12025-12-18
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respo…
- CVE-2025-67844MEDIUMCVSS 5.0EG 5.02025-12-19
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields prov…
- CVE-2026-0650CRITICALCVSS 9.3EG 9.32026-01-07
OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and a…
- CVE-2026-0790HIGHCVSS 7.5EG 5.32026-01-23
ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentica…
- CVE-2026-10521HIGHCVSS 7.2EG 7.22026-06-23
An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability.
- CVE-2026-11986MEDIUMCVSS 4.9EG 4.92026-06-11
A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when de…
- CVE-2026-13533MEDIUMCVSS 5.3EG 5.32026-06-29
A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or d…
- CVE-2026-1978MEDIUMCVSS 5.3EG 5.32026-02-06
A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request…
- CVE-2026-25679HIGHCVSS 7.5EG 7.52026-03-06
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
- CVE-2026-33217MEDIUMCVSS 6.5EG 6.52026-03-25
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied in the `$MQTT.>` namespace, allowing MQT…
- CVE-2026-34028MEDIUMCVSS 6.9EG 6.92026-06-15
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files fr…
- CVE-2026-35029HIGHCVSS 8.8EG 8.82026-04-06
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then us…
- CVE-2026-42297HIGHCVSS 8.3EG 8.32026-05-09
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) performs zer…
- CVE-2026-4532MEDIUMCVSS 5.3EG 5.32026-03-22
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The mani…
- CVE-2026-4900MEDIUMCVSS 5.3EG 5.32026-03-26
A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely…
- CVE-2026-7500MEDIUMCVSS 5.4EG 5.42026-04-30
When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional — including both read and write…
- CVE-2026-8205MEDIUMCVSS 5.3EG 5.32026-05-21
Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security …
- CVE-2026-9610MEDIUMCVSS 5.3EG 2.32026-06-22
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls.
Map vulnerabilities like CWE-425 to your infrastructure
EchelonGraph correlates every CVE — across CWE-425 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →