CWE-552 · Files or Directories Accessible to External Parties
478 CVEs classified under CWE-552 (Files or Directories Accessible to External Parties). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-41240 | Critical | 10.0 | 2025-07-24 | Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In af… |
| CVE-2024-56731 | Critical | 10.0 | 2025-06-24 | Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote comman… |
| CVE-2024-6209 | Critical | 10.0 | 2024-07-05 | Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows Attacker to access file… |
| CVE-2025-14771 | Critical | 9.9 | 2026-06-03 | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. |
| CVE-2024-39931 | Critical | 9.9 | 2024-07-04 | Gogs through 0.13.0 allows deletion of internal files. |
| CVE-2023-5199 | Critical | 9.9 | 2023-10-30 | The PHP to Page plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' sh… |
| CVE-2021-32008 | Critical | 9.9 | 2022-03-04 | This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged… |
| CVE-2021-43821 | Critical | 9.9 | 2021-12-14 | Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in inges… |
| CVE-2026-40624 | Critical | 9.8 | 2026-06-19 | Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execut… |
| CVE-2019-25709 | Critical | 9.8 | 2026-04-12 | CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/dat… |
| CVE-2026-33698 | Critical | 9.8 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allo… |
| CVE-2026-2331 | Critical | 9.8 | 2026-03-06 | An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access r… |
| CVE-2020-37082 | Critical | 9.8 | 2026-02-03 | webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Atta… |
| CVE-2024-53676 | Critical | 9.8 | 2024-11-27 | A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. |
| CVE-2024-0949 | Critical | 9.8 | 2024-06-27 | Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows… |
| CVE-2024-4098 | Critical | 9.8 | 2024-06-20 | The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts fu… |
| CVE-2024-5262 | Critical | 9.8 | 2024-06-05 | Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files… |
| CVE-2023-48710 | Critical | 9.8 | 2024-04-15 | iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully… |
| CVE-2024-2056 | Critical | 9.8 | 2024-03-05 | Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service… |
| CVE-2024-2055 | Critical | 9.8 | 2024-03-05 | The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not requir… |