CWE-425: CWE-425

This vulnerability allows remote attackers to escalate privileges to Admin role in Sourcecodester Money Transfer Management System 1.0 by accessing an...

This vulnerability in TikTok for Android allows attackers to take over user accounts through a malicious deeplink. Attackers can craft a URL that forc...

The reint_downloadmanager extension for TYPO3 contains an Insecure Direct Object Reference vulnerability that allows attackers to access unauthorized ...

The sr_feuser_register extension for TYPO3 contains an Insecure Direct Object Reference vulnerability that allows attackers to access or modify user r...

The Oz Forensics face recognition application before version 4.0.8 (late 2023) contains an Insecure Direct Object Reference (IDOR) vulnerability in th...

This vulnerability in Bender/ebee Charge Controllers allows attackers to access unprotected data exports after device reboot. The backup export featur...

An authentication bypass vulnerability in SINEMA Remote Connect Server allows unauthenticated attackers to access and modify VxLAN network configurati...

This vulnerability allows remote attackers to access sensitive information on ALGO 8180 IP Audio Alerter devices without authentication by directly na...

This CVE describes a Direct Request (Forced Browsing) vulnerability in Apache OFBiz that allows attackers to access restricted resources by directly r...

This vulnerability allows authenticated users without administrative privileges to access admin functions in IBM Cloud Pak for Multicloud Management M...

This vulnerability in WAVLINK WN579 X3 routers allows attackers to access sensitive key information by visiting the messages.txt page without authenti...

This vulnerability allows unauthenticated attackers to remotely download configuration files from D-Link DIR850 routers. Attackers can access sensitiv...

CVE-2021-42671 is an incorrect access control vulnerability in Sourcecodester Engineers Online Portal that allows unauthenticated attackers to access ...

CVE-2021-40875 is an improper access control vulnerability in Gurock TestRail that allows unauthenticated attackers to access the /files.md5 file, rev...

This vulnerability allows unauthenticated attackers to access sensitive database backup files in TCExam installations. It affects all TCExam installat...

In flaskBlog versions 2.8.0 and earlier, any authenticated user can escalate their privileges to admin by exploiting a vulnerability in the admin pane...

Innoshop versions through 0.4.1 contain multiple Insecure Direct Object Reference (IDOR) vulnerabilities in the frontend shop. Attackers with customer...

A direct request vulnerability in kalyan02 NanoCMS up to version 0.4 allows attackers to remotely manipulate the /data/pagesdata.txt file through the ...

Frappe Learning versions 2.39.1 and earlier contain a direct object reference vulnerability where students can access quiz forms by knowing the URL, b...

The femanager extension for TYPO3 contains an Insecure Direct Object Reference vulnerability that allows authenticated users to access or modify data ...

This vulnerability in SourceCodester Clinics Patient Management System 1.0 allows attackers to directly access files in the /user_images/ directory wi...

This vulnerability in Netgear WN604 access points allows attackers to directly access the siteSurvey.php file without proper authentication. This coul...

This vulnerability in Parsec Automation TrakSYS allows attackers to directly access export pages by manipulating the ID parameter, potentially exposin...

This vulnerability in Parsec Automation TrackSYS allows attackers to directly access sensitive files by manipulating the ID parameter in the /TS/expor...

This vulnerability in Mintlify Platform's GitHub Integration API allows attackers to access sensitive repository metadata by exploiting improper valid...

CVE-2025-47226 is an authorization bypass vulnerability in Snipe-IT that allows unauthorized access to asset information. Attackers can exploit incorr...

Ververica Platform 2.14.0 contains an improper authorization vulnerability that allows low-privileged users to access SQL connectors they shouldn't ha...

This vulnerability allows authenticated GitLab users to view sensitive security report information under specific configuration conditions. It affects...

This CVE describes a forced browsing vulnerability in iroha Board that allows authenticated attackers to access non-public content by directly request...

This vulnerability in Grocy allows remote attackers to access sensitive information by directly requesting pages not visible in the user interface, su...

This vulnerability in PbootCMS allows attackers to access sensitive files or directories through manipulation of the SQLite database file. It affects ...

This vulnerability in Shenzhen Sixun Software Sixun Shanghui Group Business Management System allows unauthorized access to files or directories via t...

A forced browsing vulnerability in Fortinet FortiAuthenticator allows authenticated attackers with sponsor permissions to access and download device l...

This vulnerability allows unauthorized users to access router configuration files by directly referencing them via URL. It affects WODESYS WD-R608U ro...

This vulnerability (CWE-425: Direct Request) allows attackers to bypass intended access controls and retrieve sensitive information by directly access...