Weaknesses of type CWE-425
109 results

CVE-2026-4900 | MEDIUM | code-projects Online Food Ordering System localhost.sql privilege escalation | EPSS 0.4%
CVE-2023-1663 | MEDIUM | Authenticated Resources Accessible via Forced Browsing | EPSS 0.4%
CVE-2023-3426 | MEDIUM | The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permissi | EPSS 0.4%
CVE-2025-15153 | MEDIUM | PbootCMS SQLite Database pbootcms.db file access | EPSS 0.4%
CVE-2024-11049 | MEDIUM | ZKTeco ZKBio Time Image File photo direct request | EPSS 0.4%
CVE-2025-52024 | CRITICAL | A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthent | EPSS 0.4%
CVE-2026-29909 | MEDIUM | MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint | EPSS 0.4%
CVE-2023-50935 | MEDIUM | IBM PowerSC forced browsing | EPSS 0.4%
CVE-2024-0861 | MEDIUM | Direct Request ('Forced Browsing') in GitLab | EPSS 0.4%
CVE-2026-34028 | MEDIUM | Unauthenticated direct access to web data in Wertheim SafeController Software exposes files | EPSS 0.4%
CVE-2023-4018 | MEDIUM | Direct Request ('Forced Browsing') in GitLab | EPSS 0.4%
CVE-2025-2595 | MEDIUM | Forced Browsing Vulnerability in CODESYS Visualization | EPSS 0.4%
CVE-2025-67844 | MEDIUM | The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the re | EPSS 0.4%
CVE-2024-39868 | HIGH | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the | EPSS 0.4%
CVE-2024-39867 | HIGH | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the | EPSS 0.4%
CVE-2026-1978 | MEDIUM | kalyan02 NanoCMS User Information pagesdata.txt direct request | EPSS 0.4%
CVE-2025-32367 | HIGH | The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Referen | EPSS 0.4%
CVE-2025-1542 | CRITICAL | Improper permission control in OXARI ServiceDesk | EPSS 0.4%
CVE-2025-27581 | MEDIUM | NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET mo | EPSS 0.3%
CVE-2025-46690 | MEDIUM | Ververica Platform 2.14.0 allows low-privileged users to access SQL connectors via a direct namespaces/default/formats request. | EPSS 0.3%