CVE & Exploit Intelligence Database

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,847 CVEs tracked 53,242 with exploits 4,725 exploited in wild 1,540 CISA KEV 3,918 Nuclei templates 37,802 vendors 42,493 researchers

53 results Clear all

CVE-2025-2038 7.3 HIGH 1 Writeup EPSS 0.00

Blood Bank Management System 1.0 - Info Disclosure

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /upload/. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CWE-552 Mar 06, 2025

CVE-2024-28766 2.4 LOW EPSS 0.00

IBM Security Directory Integrator <7.2.0, IBM Security Verify Direc...

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system.

CWE-548 Jan 27, 2025

CVE-2024-35113 4.3 MEDIUM EPSS 0.00

IBM Control Center <6.3.1 - Info Disclosure

IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing.

CWE-548 Jan 25, 2025

CVE-2024-8711 5.3 MEDIUM 1 Writeup EPSS 0.00

SourceCodester Food Ordering Management System 1.0 - Info Disclosure

A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information through directory listing. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CWE-548 Sep 12, 2024

CVE-2024-45096 6.5 MEDIUM EPSS 0.00

IBM Aspera Faspex <5.0.10 - Info Disclosure

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.

CWE-548 Sep 05, 2024

CVE-2024-7912 5.3 MEDIUM 1 Writeup EPSS 0.00

CodeAstro Online Railway Reservation System 1.0 - Info Disclosure

A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CWE-548 Aug 18, 2024

CVE-2024-7809 5.3 MEDIUM 1 Writeup EPSS 0.00

SourceCodester Online Graduate Tracer System 1.0 - Info Disclosure

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/nbproject/. The manipulation leads to exposure of information through directory listing. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CWE-548 Aug 15, 2024

CVE-2024-42007 5.8 MEDIUM 1 PoC Analysis EPSS 0.01

SPX <0.4.15 - Path Traversal

SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files.

CWE-22 Jul 26, 2024

CVE-2024-3707 5.3 MEDIUM EPSS 0.00

OpenGnsys 1.1.1d - Info Disclosure

Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.

CWE-548 Apr 12, 2024

CVE-2023-49979 7.5 HIGH 1 PoC Analysis EPSS 0.01

Customer Support System <v1 - Info Disclosure

A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.

CWE-862 Mar 21, 2024

CVE-2024-22082 7.5 HIGH EPSS 0.00

Elspec G5 <1.1.4.15 - Info Disclosure

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system.

CWE-548 Mar 20, 2024

CVE-2023-51948 7.5 HIGH 1 Writeup EPSS 0.00

actiNAS SL 2U-8 RDX 3.2.03-SP1 - Info Disclosure

A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application.

CWE-548 Jan 19, 2024

CVE-2022-36243 5.3 MEDIUM EPSS 0.00

Shop Beat Media Player <3.2.57 - Path Traversal

Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm.

CWE-22 May 30, 2023

CVE-2016-15019 4.3 MEDIUM EPSS 0.00

tombh jekbox - Info Disclosure

A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The patch is named 64eb2677671018fc08b96718b81e3dbc83693190. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218375.

CWE-22 Jan 15, 2023

CVE-2014-125069 4.3 MEDIUM EPSS 0.00

saxman maps-js-icoads - Info Disclosure

A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644.

CWE-22 Jan 08, 2023

CVE-2021-45446 5.0 MEDIUM EPSS 0.00

Hitachi Vantara Pentaho Business Analytics Server <9.2.0.2-8.3.0.25...

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.

CWE-548 Nov 02, 2022

CVE-2022-30625 5.7 MEDIUM EPSS 0.00

Chcnav P5e Gnss Firmware - Information Disclosure

Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.

CWE-548 Jul 18, 2022

CVE-2021-27505 7.5 HIGH EPSS 0.00

mySCADA myPRO <8.20.0 - Info Disclosure

mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.

CWE-548 May 13, 2022

CVE-2021-23195 5.3 MEDIUM EPSS 0.00

Fresenius Kabi Vigilant Software Suite - Info Disclosure

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server.

CWE-548 Jan 21, 2022

CVE-2021-21528 7.5 HIGH EPSS 0.00

Dell EMC PowerScale OneFS <9.2.1 - Info Disclosure

Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions.

CWE-548 Nov 12, 2021