Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-552

CWE-552

Files or Directories Accessible to External Parties

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product makes files or directories accessible to unauthorized actors, even though they should not be.

474 vulnerabilities with CWE-552

CVE-2026-45543 MEDIUM

Nextcloud Forms 4.3.0-5.2.6 - Unauthorized Read Access to Uploaded Respondent Files

CVE-2026-40425 MEDIUM

MacGregor Voyage Data Recorder (VDR) G4e Files or Directories Accessible to External Parties

CVE-2026-45088 HIGH

Dalfox: Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` in Dalfox Server Mode

CVE-2026-45721 CRITICAL

Algernon: handler.lua discovery walks parent directories above the server root

CVE-2026-40564 MEDIUM

Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator

CVE-2026-8704 MEDIUM

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified

CVE-2026-33380 MEDIUM

Grafana OSS Arbitrary File Read via SQL Expressions

CVE-2026-42063 MEDIUM

F5 BIG-IP 16.1.0-21.1.0 - Authenticated Sensitive File Download via iControl SOAP

CVE-2026-40631 HIGH

F5 BIG-IP 21.1.0-21.0.0.2 Authenticated Privilege Escalation via iControl SOAP

CVE-2026-35440 MEDIUM

Microsoft Word Information Disclosure Vulnerability

CVE-2026-32185 MEDIUM

Microsoft Teams Spoofing Vulnerability

CVE-2026-31216 CRITICAL

nexent v1.7.5.2 - Unauthenticated File Deletion

CVE-2026-31215 CRITICAL

nexent v1.7.5.2 - Arbitrary File Deletion

CVE-2026-39871 HIGH

macOS - Information Disclosure

CVE-2026-7817 MEDIUM

pgAdmin 4: Local file inclusion and server-side request forgery in LLM API configuration endpoints

CVE-2026-6418 MEDIUM

PaperCut NG/MF: Path Traversal in Shared Account Synchronization

CVE-2026-5335 MEDIUM

Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosure

CVE-2026-40484 CRITICAL

ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function

CVE-2026-33698 CRITICAL

Chamilo LMS affected by unauthenticated RCE in main/install folder

CVE-2026-35446 HIGH

LORIS FilesDownloadHandler - Path Traversal

CVE-2026-35169 HIGH

LORIS has potential cross-site scripting in help_editor module

CVE-2026-34392 HIGH

LORIS Static File Router - Path Traversal

CVE-2026-34361 CRITICAL

HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft

CVE-2026-4900 MEDIUM

code-projects Online Food Ordering System localhost.sql privilege escalation

CVE-2026-4760 HIGH

Potential unauthorized access to files on the Web HMI server host

Page 1 of 19 Next

Details

Vulnerabilities 474

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy