VYPR

CWE-548

Exposure of Information Through Directory Listing

Variant | Draft

Description

The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (16)

  • CVE-2025-32750 | High | May 20, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

  • CVE-2020-36921 | High | Jan 6, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without…

  • CVE-2018-14785 | High | Aug 10, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication.

  • CVE-2018-10590 | High | May 15, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory…

  • CVE-2017-6045 | High | Jun 21, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.

  • CVE-2024-2340 | Medium | Apr 9, 2024
    risk 0.40 | cvss 5.3 | epss 0.28

    The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada…

  • CVE-2024-42007 | Medium | Jul 26, 2024
    risk 0.38 | cvss 5.8 | epss 0.01

    SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files.

  • CVE-2025-61685 | Medium | Oct 3, 2025
    risk 0.35 | cvss 6.5 | epss 0.01

    Mastra is a TypeScript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for…

  • CVE-2026-50233 | Medium | Jun 5, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service (TCP port 9090) and the HTTP JSON-RPC endpoint (/jsonrpc.js). The query accepts a folder parameter and lists its contents with no…

  • CVE-2026-41933 | Medium | May 14, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such…

  • CVE-2026-22860 | Feb 18, 2026
    risk 0.00 | cvss (none listed) | epss 0.01

    Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root…

  • CVE-2025-62396 | Oct 23, 2025
    risk 0.00 | cvss (none listed) | epss 0.00

    An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.

  • CVE-2020-8161 | Jul 2, 2020
    risk 0.00 | cvss (none listed) | epss 0.04

    A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure.

  • CVE-2019-5437 | May 10, 2019
    risk 0.00 | cvss (none listed) | epss 0.01

    Information exposure through the directory listing in npm's harp module allows access to files that are supposed to be ignored according to the harp server rules. Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge.

  • CVE-2019-5415 | Mar 17, 2019
    risk 0.00 | cvss (none listed) | epss 0.02

    A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.

  • CVE-2018-16493 | Feb 1, 2019
    risk 0.00 | cvss (none listed) | epss 0.02

    A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.