Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-552

CWE-552

Files or Directories Accessible to External Parties

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product makes files or directories accessible to unauthorized actors, even though they should not be.

453 vulnerabilities with CWE-552

CVE-2026-40484 CRITICAL

ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function

CVE-2026-33698 CRITICAL

Chamilo LMS affected by unauthenticated RCE in main/install folder

CVE-2026-35446 HIGH

LORIS has a path traversal in FilesDownloadHandler

CVE-2026-35169 HIGH

LORIS has potential cross-site scripting in help_editor module

CVE-2026-34392 HIGH

LORIS has a path traversal in static router

CVE-2026-34361 CRITICAL

HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft

CVE-2026-4900 MEDIUM

code-projects Online Food Ordering System localhost.sql privilege escalation

CVE-2026-4760 HIGH

Potential unauthorized access to files on the Web HMI server host

CVE-2026-4532 MEDIUM

code-projects Simple Food Ordering System Database Backup food.sql file access

CVE-2026-33071 MEDIUM

FileRise: WebDAV upload path bypasses filename validation enforced by regular uploads

CVE-2026-32750 MEDIUM

SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes

CVE-2026-29066 MEDIUM

Tina CMS <2.1.8 - Info Disclosure

CVE-2026-2331 CRITICAL

AppEngine Fileaccess - Info Disclosure

CVE-2026-2330 CRITICAL

CROWN REST Interface - Path Traversal

CVE-2026-24732 MEDIUM

BlueSpice 5.1-5.1.3/5.2-5.2.0 - Auth Bypass

CVE-2026-25231 HIGH

FileRise <3.3.0 - Info Disclosure

CVE-2026-25137 CRITICAL

NixOs Odoo <25.11-26.05 - Info Disclosure

CVE-2025-69428 HIGH

Pro-Bit <1.77.4 - Path Traversal

CVE-2025-7389 HIGH

Unauthorized Arbitrary File Read via RMI in AdminServer Interface

CVE-2025-69875 HIGH

Quickheal Total Security - Privilege Escalation

CVE-2025-37177 MEDIUM

Mobility Conductor - File Deletion

CVE-2025-37168 HIGH

Mobility Conductors <AOS-8 - Privilege Escalation

CVE-2025-69990 CRITICAL

phpgurukul News Portal Project V4.1 - Info Disclosure

CVE-2025-66689 MEDIUM

Zen MCP Server <9.8.2 - Path Traversal

CVE-2025-68719 HIGH

KAYSUS KS-WR3600 <1.0.5.9.1 - Info Disclosure

Page 1 of 19 Next

Details

Vulnerabilities 453

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy