CWE-425 flaws
109 results

CVE-2022-31484 | HIGH | User Account Deletion Unauthenticated | EPSS 1.0%
CVE-2022-31480 | HIGH | Unauthenticated Firmware Upload and Arbitrary Reboot | EPSS 0.9%
CVE-2024-7753 | MEDIUM | SourceCodester Clinics Patient Management System user_images direct request | EPSS 0.9%
CVE-2020-7541 | — | A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modi | EPSS 0.9%
CVE-2021-34588 | HIGH | Bender Charge Controller: Unprotected data export | EPSS 0.8%
CVE-2023-5786 | MEDIUM | GeoServer GeoWebCache rest.html direct request | EPSS 0.8%
CVE-2022-24385 | MEDIUM | Information disclosure via direct object access on SmarterTrack v100.0.8019.14010 | EPSS 0.8%
CVE-2022-45276 | CRITICAL | An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account pa | EPSS 0.8%
CVE-2022-42238 | HIGH | A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. | EPSS 0.8%
CVE-2022-31485 | MEDIUM | Unauthenticated homepage note modification | EPSS 0.8%
CVE-2022-2192 | HIGH | Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate | EPSS 0.8%
CVE-2022-25626 | MEDIUM | An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to c | EPSS 0.7%
CVE-2023-1682 | MEDIUM | Xunrui CMS Install.txt direct request | EPSS 0.7%
CVE-2024-42001 | MEDIUM | Vonets WiFi Bridges Forced Browsing | EPSS 0.7%
CVE-2024-33897 | CRITICAL | A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in | EPSS 0.7%
CVE-2026-0790 | MEDIUM | ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability | EPSS 0.7%
CVE-2022-40845 | MEDIUM | The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper aut | EPSS 0.7%
CVE-2023-3792 | MEDIUM | Beijing Netcon NS-ASG test_status.php direct request | EPSS 0.6%
CVE-2023-44320 | MEDIUM | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NA | EPSS 0.6%
CVE-2022-43110 | CRITICAL | Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via | EPSS 0.6%