Flaws of type CWE-425

109 results
CVE ID | Severity | EPSS | KEV | Description
CVE-2024-45195 | CRITICAL | 100.0% | KEV | Apache OFBiz: Confused controller-view authorization logic (forced browsing)
CVE-2021-26085 | MEDIUM | 99.9% | KEV | Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File
CVE-2024-0204 | CRITICAL | 95.1% | | Authentication Bypass in GoAnywhere MFT
CVE-2023-5702 | MEDIUM | 14.5% | | Viessmann Vitogate 300 direct request
CVE-2022-2551 | | 12.5% | | Duplicator < 1.4.7 - Unauthenticated Backup Download
CVE-2022-42953 | HIGH | 4.8% | | Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form
CVE-2018-3774 | | 3.8% | | Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Aut
CVE-2022-2544 | | 3.2% | | Ninja Job Board < 1.3.3 - Resume Disclosure via Directory Listing
CVE-2004-2257 | MEDIUM | 2.3% | | phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.
CVE-2024-6188 | MEDIUM | 2.1% | | Parsec Automation TrackSYS pagedefinition direct request
CVE-2005-1688 | MEDIUM | 1.9% | | Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (
CVE-2021-24695 | | 1.6% | | Simple Download Monitor < 3.9.6 - Unauthenticated Log Access
CVE-2022-36158 | HIGH | 1.4% | | Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious acto
CVE-2025-47226 | MEDIUM | 1.1% | | Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.
CVE-2025-26689 | CRITICAL | 1.1% | | Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially c
CVE-2023-4544 | MEDIUM | 1.0% | | Byzoro Smart S85F Management Platform php.ini direct request
CVE-2024-7080 | MEDIUM | 1.0% | | SourceCodester Insurance Management System direct request
CVE-2022-29238 | MEDIUM | 1.0% | | Forced Browsing in Jupyter Notebook
CVE-2019-2388 | MEDIUM | 1.0% | | Potential exposure of log information in Ops Manager
CVE-2024-24592 | CRITICAL | 1.0% | | Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily