CWE-552 · Files or Directories Accessible to External Parties

478 CVEs classified under CWE-552 (Files or Directories Accessible to External Parties). Browse by severity and year.

Top CVEs for CWE-552
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-41240 | Critical | 10.0 | 2025-07-24 | Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In af… |
| CVE-2024-56731 | Critical | 10.0 | 2025-06-24 | Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote comman… |
| CVE-2024-6209 | Critical | 10.0 | 2024-07-05 | Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows Attacker to access file… |
| CVE-2025-14771 | Critical | 9.9 | 2026-06-03 | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. |
| CVE-2024-39931 | Critical | 9.9 | 2024-07-04 | Gogs through 0.13.0 allows deletion of internal files. |
| CVE-2023-5199 | Critical | 9.9 | 2023-10-30 | The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' sh… |
| CVE-2021-32008 | Critical | 9.9 | 2022-03-04 | This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged… |
| CVE-2021-43821 | Critical | 9.9 | 2021-12-14 | Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in inges… |
| CVE-2026-40624 | Critical | 9.8 | 2026-06-19 | Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execut… |
| CVE-2019-25709 | Critical | 9.8 | 2026-04-12 | CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/dat… |
| CVE-2026-33698 | Critical | 9.8 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allo… |
| CVE-2026-2331 | Critical | 9.8 | 2026-03-06 | An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access r… |
| CVE-2020-37082 | Critical | 9.8 | 2026-02-03 | webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Atta… |
| CVE-2024-53676 | Critical | 9.8 | 2024-11-27 | A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. |
| CVE-2024-0949 | Critical | 9.8 | 2024-06-27 | Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows… |
| CVE-2024-4098 | Critical | 9.8 | 2024-06-20 | The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts fu… |
| CVE-2024-5262 | Critical | 9.8 | 2024-06-05 | Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files… |
| CVE-2023-48710 | Critical | 9.8 | 2024-04-15 | iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully… |
| CVE-2024-2056 | Critical | 9.8 | 2024-03-05 | Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service… |
| CVE-2024-2055 | Critical | 9.8 | 2024-03-05 | The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not requir… |