Weaknesses of type CWE-552
327 resultsCVE-2024-27182MEDIUMApache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerabilityEPSS 0.7%CVE-2023-41916MEDIUMApache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file readingEPSS 0.7%CVE-2009-10005HIGHContentKeeper Web Appliance < 125.10 Arbitrary File Access via mimencodeEPSS 0.7%CVE-2023-48710CRITICALiTop limit pages/exec.php script to PHP filesEPSS 0.7%CVE-2022-45052HIGHLocal File Inclusion in Axiell Iguana CMSEPSS 0.7%CVE-2022-45227HIGHThe web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backEPSS 0.7%CVE-2023-45160HIGHElevated Temp Directory Execution in 1E ClientEPSS 0.7%CVE-2022-44583HIGHWordPress WatchTowerHQ plugin <= 3.6.15 - Unauth. Arbitrary File Download vulnerabilityEPSS 0.7%CVE-2023-33517HIGHcarRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System).EPSS 0.7%CVE-2025-41240CRITICALMounted Kubernetes Secrets under a predictable path located within the web server document rootEPSS 0.7%CVE-2019-3811MEDIUMA vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead oEPSS 0.7%CVE-2022-31475MEDIUMWordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Read via Export function vulnerabilityEPSS 0.7%CVE-2025-25759HIGHAn issue in the component admin_template.php of SUCMS v1.0 allows attackers to execute a directory traversal and arbitrary file deletion viaEPSS 0.7%CVE-2024-24161HIGHMRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.EPSS 0.7%CVE-2022-44634MEDIUMWordPress S2W – Import Shopify to WooCommerce plugin <= 1.1.12 - Auth. Arbitrary File Read vulnerabilityEPSS 0.7%CVE-2022-48094MEDIUMlmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php.EPSS 0.7%CVE-2023-26956HIGHonekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.EPSS 0.7%CVE-2026-2330CRITICALCVE-2026-2330EPSS 0.7%CVE-2023-26580HIGHMissing Authentication In IDAttend’s IDWeb ApplicationEPSS 0.7%CVE-2024-52292HIGHCraft Allows Attackers to Read Arbitrary System FilesEPSS 0.7%