CWE-552
Files or Directories Accessible to External Parties
Description
The product makes files or directories accessible to unauthorized actors, even though they should not be.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-150 · CAPEC-639
CVEs mapped to this weakness (182)
page 4 of 10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-3025 | Hig | 0.47 | 7.3 | 0.00 | Sep 15, 2025 | Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on Windows allows a local user to gain SYSTEM privileges via exploiting insecure file delete operations. Reported in CCleaner v. 6.33.11465. This issue affects CCleaner: before <… | ||
| CVE-2025-4134 | Hig | 0.47 | 7.3 | 0.00 | May 28, 2025 | Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write. | ||
| CVE-2025-1982 | — | Hig | 0.46 | — | 0.00 | Apr 16, 2025 | Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user to provide link to a local file using the file:// protocol thus allowing the attacker to read content of the file. This vulnerability can be use to read content of system files. | |
| CVE-2025-27147 | Hig | 0.46 | 8.2 | 0.00 | Mar 25, 2025 | The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 have an improper access… | ||
| CVE-2025-22369 | Hig | 0.46 | — | 0.00 | Mar 11, 2025 | The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS. | ||
| CVE-2025-64185 | Med | 0.45 | — | 0.00 | Nov 20, 2025 | Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, Open OnDemand packages create world writable locations in the GEM_PATH. Open OnDemand versions 4.0.8 and 3.1.16 have been patched for this vulnerability. | ||
| CVE-2024-11399 | Med | 0.44 | 6.8 | 0.00 | May 27, 2026 | Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors. | ||
| CVE-2017-15104 | Hig | 0.44 | 7.8 | 0.00 | Dec 18, 2017 | An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file. | ||
| CVE-2026-35446 | Hig | 0.43 | 7.7 | 0.00 | Apr 8, 2026 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an… | ||
| CVE-2026-24732 | Med | 0.43 | — | 0.00 | Mar 4, 2026 | Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and… | ||
| CVE-2026-45088 | Hig | 0.42 | 7.5 | 0.00 | May 27, 2026 | Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated… | ||
| CVE-2026-8704 | Med | 0.42 | 6.5 | 0.00 | May 15, 2026 | Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified. | ||
| CVE-2021-47960 | Med | 0.42 | 6.5 | 0.00 | Apr 10, 2026 | A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with… | ||
| CVE-2026-34392 | Hig | 0.42 | 7.5 | 0.00 | Apr 8, 2026 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of… | ||
| CVE-2025-66955 | Med | 0.42 | 6.5 | 0.00 | Mar 12, 2026 | Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls. | ||
| CVE-2025-14896 | Hig | 0.42 | 7.5 | 0.00 | Dec 18, 2025 | due to insufficient sanitazation in Vega’s `convert()` function when `safeMode` is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths,… | ||
| CVE-2025-37130 | Med | 0.42 | 6.5 | 0.00 | Sep 16, 2025 | A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system. | ||
| CVE-2025-23421 | Med | 0.42 | 6.4 | 0.00 | Feb 13, 2025 | An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications. | ||
| CVE-2024-53649 | Med | 0.42 | 6.5 | 0.01 | Jan 14, 2025 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.68), SIPROTEC 5 6MU85… | ||
| CVE-2017-1308 | Med | 0.42 | 6.5 | 0.02 | Jul 13, 2017 | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462. |
- risk 0.47cvss 7.3epss 0.00
Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on Windows allows a local user to gain SYSTEM privileges via exploiting insecure file delete operations. Reported in CCleaner v. 6.33.11465. This issue affects CCleaner: before <…
- risk 0.47cvss 7.3epss 0.00
Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write.
- risk 0.46cvss —epss 0.00
Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user to provide link to a local file using the file:// protocol thus allowing the attacker to read content of the file. This vulnerability can be use to read content of system files.
- risk 0.46cvss 8.2epss 0.00
The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 have an improper access…
- risk 0.46cvss —epss 0.00
The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.
- risk 0.45cvss —epss 0.00
Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, Open OnDemand packages create world writable locations in the GEM_PATH. Open OnDemand versions 4.0.8 and 3.1.16 have been patched for this vulnerability.
- risk 0.44cvss 6.8epss 0.00
Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors.
- risk 0.44cvss 7.8epss 0.00
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
- risk 0.43cvss 7.7epss 0.00
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an…
- risk 0.43cvss —epss 0.00
Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and…
- risk 0.42cvss 7.5epss 0.00
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated…
- risk 0.42cvss 6.5epss 0.00
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
- risk 0.42cvss 6.5epss 0.00
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with…
- risk 0.42cvss 7.5epss 0.00
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of…
- risk 0.42cvss 6.5epss 0.00
Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls.
- risk 0.42cvss 7.5epss 0.00
due to insufficient sanitazation in Vega’s `convert()` function when `safeMode` is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths,…
- risk 0.42cvss 6.5epss 0.00
A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system.
- risk 0.42cvss 6.4epss 0.00
An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications.
- risk 0.42cvss 6.5epss 0.01
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.68), SIPROTEC 5 6MU85…
- risk 0.42cvss 6.5epss 0.02
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462.