CVEs classified under CWE-425, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2025-26689 — CVSS 9.8 (critical): Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially…
CVE-2024-0204 — CVSS 9.8 (critical): Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration…
CVE-2022-45276 — CVSS 9.8 (critical): An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account…
CVE-2021-36560 — CVSS 9.8 (critical): Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover…
CVE-2021-36745 — CVSS 9.8 (critical): A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers…
CVE-2021-24215 — CVSS 9.8 (critical): An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access…
CVE-2019-12768 — CVSS 9.8 (critical): An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via…
CVE-2020-24660 — CVSS 9.8 (critical): An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected…
CVE-2020-24203 — CVSS 9.8 (critical): Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management…
CVE-2019-16340 — CVSS 9.8 (critical): Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the…
CVE-2019-9584 — CVSS 9.8 (critical): eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile…
CVE-2019-9884 — CVSS 9.8 (critical): eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access…
CVE-2019-9552 — CVSS 9.8 (critical): Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI.
CVE-2019-7736 — CVSS 9.8 (critical): D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101.
CVE-2018-18922 — CVSS 9.8 (critical): add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.
CVE-2018-19207 — CVSS 9.8 (critical): The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code…
CVE-2017-17736 — CVSS 9.8 (critical): Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting…
CVE-2018-6624 — CVSS 9.8 (critical): OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific…
CVE-2017-14244 — CVSS 9.8 (critical): An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to…
CVE-2020-35391 — CVSS 9.6 (critical): Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a…
CVE-2025-1542: Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using a guest access or an…
CVE-2026-22732 — CVSS 9.1 (critical): When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP…
CVE-2024-33897 — CVSS 9.1 (critical): A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in…
CVE-2022-41746 — CVSS 9.1 (critical): A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected…
CVE-2019-12583 — CVSS 9.1 (critical): Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate…
CVE-2017-10833 — CVSS 9.1 (critical): "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or…
CVE-2002-1798 — CVSS 9.1 (critical): MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or…
CVE-2022-42238 — CVSS 8.8 (high): A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.
CVE-2021-44582 — CVSS 8.8 (high): A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to…
CVE-2022-28799 — CVSS 8.8 (high): The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the…
CVE-2020-11561 — CVSS 8.8 (high): In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such…
CVE-2019-11326 — CVSS 8.8 (high): An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is…
CVE-2019-14347 — CVSS 8.8 (high): Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account…
CVE-2018-18862 — CVSS 8.8 (high): BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by…
CVE-2018-19109 — CVSS 8.8 (high): tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list…
CVE-2025-15587: Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password…
CVE-2025-48207 — CVSS 8.6 (high): The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.
CVE-2025-48205 — CVSS 8.6 (high): The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.
CVE-2025-32367 — CVSS 8.6 (high): The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object…
CVE-2021-34588 — CVSS 8.6 (high): In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key…
CVE-2019-13030 — CVSS 8.2 (high): eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the…
CVE-2019-20484 — CVSS 8.1 (high): An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the…
CVE-2022-36158 — CVSS 8.0 (high): Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious…
CVE-2022-34571 — CVSS 8.0 (high): An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and…
CVE-2024-39868 — CVSS 7.6 (high): A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate…
CVE-2024-39867 — CVSS 7.6 (high): A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate…
CVE-2026-25679 — CVSS 7.5 (high): url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.