Weaknesses of type CWE-552
327 resultsCVE-2024-48864MEDIUMFile Station 5EPSS 0.5%CVE-2026-35440MEDIUMMicrosoft Word Information Disclosure VulnerabilityEPSS 0.4%CVE-2023-32226HIGH Sysaid - CWE-552: Files or Directories Accessible to External PartiesEPSS 0.4%CVE-2016-20025HIGHZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure PermissionsEPSS 0.4%CVE-2026-45721CRITICALAlgernon: handler.lua discovery walks parent directories above the server rootEPSS 0.4%CVE-2026-4900MEDIUMcode-projects Online Food Ordering System localhost.sql privilege escalationEPSS 0.4%CVE-2026-32750MEDIUMSiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notesEPSS 0.4%CVE-2025-15153MEDIUMPbootCMS SQLite Database pbootcms.db file accessEPSS 0.4%CVE-2017-15104—An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the HeEPSS 0.4%CVE-2023-22858MEDIUMStored cross-site scripting in BlogEngine.NET version 3.3.8.0EPSS 0.4%CVE-2024-8535MEDIUMAuthenticated user can access unintended user capabilitiesEPSS 0.4%CVE-2025-4909MEDIUMSourceCodester Client Database Management System exposure of information through directory listingEPSS 0.4%CVE-2026-31215CRITICALThe nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. TEPSS 0.4%CVE-2017-2621MEDIUMAn access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory wEPSS 0.4%CVE-2023-37551MEDIUMCODESYS Files or Directories Accessible to External Parties in CmpAppEPSS 0.4%CVE-2024-47518MEDIUMSpecially constructed queries targeting ETM could discover active remote access sessionsEPSS 0.4%CVE-2021-20253—A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilEPSS 0.4%CVE-2025-26525HIGHArbitrary file read risk through pdfTeXEPSS 0.4%CVE-2025-27147HIGHGLPI Inventory plugin has Improper Access Control VulnerabilityEPSS 0.4%CVE-2025-1042MEDIUMFiles or Directories Accessible to External Parties in GitLabEPSS 0.4%