Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-552

CWE-552

Files or Directories Accessible to External Parties

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product makes files or directories accessible to unauthorized actors, even though they should not be.

474 vulnerabilities with CWE-552

CVE-2026-4532 MEDIUM

code-projects Simple Food Ordering System Database Backup food.sql file access

CVE-2026-33071 MEDIUM

FileRise: WebDAV upload path bypasses filename validation enforced by regular uploads

CVE-2026-32750 MEDIUM

SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes

CVE-2026-29066 MEDIUM

ssw/tinacms/cli < 2.1.8 - Unauthenticated Arbitrary File Read via Vite Dev Server Misconfiguration

CVE-2026-2331 CRITICAL

AppEngine Fileaccess - Info Disclosure

CVE-2026-2330 CRITICAL

CROWN REST Interface - Path Traversal

CVE-2026-24732 MEDIUM

BlueSpice 5.1-5.1.3/5.2-5.2.0 - Auth Bypass

CVE-2026-25231 HIGH

filerise < 3.3.0 - Unauthenticated File Read via /uploads Directory

CVE-2026-25137 CRITICAL

NixOs Odoo <25.11-26.05 - Info Disclosure

CVE-2025-14771 CRITICAL

File Disclosure in ABB T-MAC Plus web application and in ABB T-MAC plus Server - Default IIS Web Site

CVE-2025-69428 HIGH

Pro-Bit < 1.77.4 - Unauthenticated Sensitive Directory Access

CVE-2025-7389 HIGH

Unauthorized Arbitrary File Read via RMI in AdminServer Interface

CVE-2025-66955 MEDIUM

Asseco SEE Live 2.0 - Path Traversal

CVE-2025-69875 HIGH

Quick Heal Total Security 23.0.0 - Privilege Escalation via Quarantine Restore Path Manipulation

CVE-2025-37177 MEDIUM

ArubaOS 6.5.4.0-8.10.0.21 - Authenticated Arbitrary File Deletion via Command-Line Interface

CVE-2025-37168 HIGH

Mobility Conductors <AOS-8 - Privilege Escalation

CVE-2025-69990 CRITICAL

phpgurukul News Portal Project V4.1 - Info Disclosure

CVE-2025-66689 MEDIUM

Zen MCP Server <9.8.2 - Path Traversal

CVE-2025-68719 HIGH

KAYSUS KS-WR3600 <1.0.5.9.1 - Info Disclosure

CVE-2025-12648 MEDIUM

WP-Members Membership Plugin <3.5.4.4 - Info Disclosure

CVE-2025-15065 MEDIUM

Kings Information & Network Co. KESS Enterprise <*.25.9.19.exe - Pr...

CVE-2025-15153 LOW

pbootcms < 3.2.12 - Direct Request Access to SQLite Database File

CVE-2025-14896 HIGH

kroki - Server-Side Request Forgery via Vega Diagram Specification

CVE-2025-68109 CRITICAL

ChurchCRM < 6.5.3 - Remote Code Execution via Database Restore File Upload

CVE-2025-14697 LOW

Shenzhen Sixun Software Sixun Shanghui Group Business Management Sy...

Previous Page 2 of 19 Next

Details

Vulnerabilities 474

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy