CWE-548
51 CVEs classified under CWE-548. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-32750 | High | 7.5 | 2026-05-20 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with rem… |
CVE-2026-22860 | High | 7.5 | 2026-02-18 | Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expa… |
CVE-2020-36921 | High | 7.5 | 2026-01-06 | RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver l… |
CVE-2022-50788 | High | 7.5 | 2025-12-30 | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attac… |
CVE-2021-27505 | High | 7.5 | 2022-05-13 | mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information. |
CVE-2021-21528 | High | 7.5 | 2021-11-12 | Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is tr… |
CVE-2017-6045 | High | 7.5 | 2017-06-21 | An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauth… |
CVE-2025-4909 | High | 7.3 | 2025-05-19 | A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipula… |
CVE-2025-2038 | High | 7.3 | 2025-03-06 | A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the f… |
CVE-2020-7858 | Medium | 6.8 | 2021-04-22 | There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is localhost and an attacker ca… |
CVE-2025-61685 | Medium | 6.5 | 2025-10-03 | Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack… |
CVE-2024-45096 | Medium | 6.5 | 2024-09-05 | IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. |
CVE-2022-30625 | Medium | 5.7 | 2022-07-18 | Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listin… |
CVE-2026-50233 | Medium | 5.3 | 2026-06-05 | Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service (TCP port 9090… |
CVE-2026-41933 | Medium | 5.3 | 2026-05-14 | Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories… |
CVE-2023-38265 | Medium | 5.3 | 2026-02-17 | IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid i… |
CVE-2025-13200 | Medium | 5.3 | 2025-11-15 | A vulnerability was determined in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality. This manipulation caus… |
CVE-2025-62396 | Medium | 5.3 | 2025-10-23 | An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not pro… |
CVE-2025-27906 | Medium | 5.3 | 2025-10-14 | IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files a… |
CVE-2025-27452 | Medium | 5.3 | 2025-07-03 | The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules activated that are not r… |