CWE-552

Total CVEs: 103
Critical: 19
High: 55
Avg CVSS: 7.6
In CISA KEV: 1

Yearly Trend

2026: 5
2025: 37
2024: 28
2023: 16
2022: 7

Top Affected Vendors

1. Apache (4)
2. Red Hat (3)
3. ABB (2)
4. Dell (2)
5. IBM (2)
6. OpenStack (2)
7. Siemens (2)
8. Aruba Networks (2)
9. Huawei (1)
10. Iteachyou (1)

All CWE-552 CVEs (103)

CVE-2025-41240
10.0

This critical vulnerability allows unauthenticated remote attackers to access Kubernetes secrets via predictable web paths in Bitnami Helm charts. Any...

Jul 24, 2025
CVE-2024-56731
10.0

This vulnerability allows unprivileged users in Gogs to delete files in the .git directory, leading to remote command execution. Attackers can execute...

Jun 24, 2025
CVE-2024-6209
10.0

This vulnerability allows attackers to access files without authorization in ABB ASPECT-Enterprise, NEXUS Series, and MATRIX Series web servers. It af...

Jul 5, 2024
CVE-2023-5199
9.9

The PHP to Page WordPress plugin has a Local File Inclusion vulnerability that can lead to Remote Code Execution. Authenticated attackers with subscri...

Oct 30, 2023
CVE-2021-43821
9.9

Opencast versions before 9.10 and 10.6 allow attackers with media ingestion privileges to include local file URLs in media packages, exposing sensitiv...

Dec 14, 2021
CVE-2026-2331
9.8

This critical vulnerability allows unauthenticated attackers to read and write sensitive files via AppEngine's HTTP-based file access feature. Attacke...

Mar 6, 2026
CVE-2020-37082
9.8

CVE-2020-37082 is an unauthenticated file access vulnerability in webERP 4.15.1 that allows remote attackers to download database backup files without...

Feb 3, 2026
CVE-2024-53676
9.8

A directory traversal vulnerability in HPE Insight Remote Support allows attackers to access files outside intended directories, potentially leading t...

Nov 27, 2024
CVE-2024-4098
9.8

The Shariff Wrapper WordPress plugin has a Local File Inclusion vulnerability that allows unauthenticated attackers to include and execute arbitrary P...

Jun 20, 2024
CVE-2024-5262
9.8

This vulnerability in ProjectDiscovery Interactsh allows remote attackers to anonymously access and modify any files in the directory where the intera...

Jun 5, 2024
CVE-2023-48710
9.8

CVE-2023-48710 is a critical directory traversal vulnerability in iTop IT service management platform that allows unauthenticated attackers to access ...

Apr 15, 2024
CVE-2023-50164
9.8

This vulnerability in Apache Struts allows attackers to manipulate file upload parameters to perform path traversal attacks, potentially leading to re...

Dec 7, 2023
CVE-2023-29931
9.8

CVE-2023-29931 is a Local File Inclusion vulnerability in laravel-s that allows attackers to read arbitrary files on the server. This affects all syst...

Jun 22, 2023
CVE-2022-25299
9.8

CVE-2022-25299 is a path traversal vulnerability in the cesanta/mongoose library's mg_http_upload() function that allows attackers to write files outs...

Feb 18, 2022
CVE-2021-1361
9.8

This critical vulnerability allows unauthenticated remote attackers to create, delete, or overwrite arbitrary files with root privileges on affected C...

Feb 24, 2021
CVE-2025-40908
9.1

This vulnerability in YAML-LibYAML for Perl allows attackers to modify existing files on the system due to insecure use of 2-argument open() calls. It...

Jun 1, 2025
CVE-2024-48864
9.1

This vulnerability in QNAP File Station 5 allows remote attackers to read or write files and directories without proper authorization. It affects all ...

Mar 7, 2025
CVE-2018-10867
9.1

This vulnerability in the redhat-certification 7 package allows unrestricted file access via the /update/results page, enabling attackers to delete an...

May 26, 2021
CVE-2024-21403
9.0

This vulnerability in Microsoft Azure Kubernetes Service (AKS) Confidential Containers allows attackers to escalate privileges within container enviro...

Feb 13, 2024
CVE-2025-32819
8.8

This vulnerability allows authenticated SSLVPN users on SMA100 devices to bypass path traversal protections and delete arbitrary files. Attackers coul...

May 7, 2025
CVE-2024-50627
8.8

A privilege escalation vulnerability in Digi ConnectPort LTS devices allows authenticated local network attackers to upload and execute malicious file...

Dec 9, 2024
CVE-2024-36442
8.8

This vulnerability in Swissphone DiCal-RED 4009 devices allows authenticated attackers to read arbitrary files from the device's file system through t...

Aug 22, 2024
CVE-2024-3564
8.8

The Content Blocks (Custom Post Widget) WordPress plugin has a Local File Inclusion vulnerability that allows authenticated attackers with contributor...

Jun 1, 2024
CVE-2023-39479
8.8

This vulnerability in Softing Secure Integration Server OPC UA Gateway allows authenticated attackers to bypass authentication and create directories ...

May 3, 2024
CVE-2023-5099
8.8

This vulnerability in the HTML filter and csv-file search WordPress plugin allows authenticated attackers with contributor-level permissions or higher...

Oct 31, 2023
CVE-2023-45160
8.8

This vulnerability allows ordinary users to replace downloaded instruction resource files with malicious scripts in the 1E Client. Attackers could exe...

Oct 5, 2023
CVE-2021-32833
8.6

Emby Server on Windows contains arbitrary file read vulnerabilities in specific API routes, allowing attackers to read sensitive files from the server...

Sep 9, 2021
CVE-2024-12917
8.3

This vulnerability in Agito Computer Health4All allows unauthorized external parties to access files or directories due to misconfigured access contro...

Feb 24, 2025
CVE-2025-37168
8.2

An arbitrary file deletion vulnerability in Aruba mobility conductors running AOS-8 allows unauthenticated remote attackers to delete files on affecte...

Jan 13, 2026
CVE-2024-51542
8.2

This CVE allows attackers to download configuration files containing dependency information from ABB industrial control systems. This affects ABB ASPE...

Dec 5, 2024
CVE-2023-41566
8.1

CVE-2023-41566 is an arbitrary file download vulnerability in OA EKP v16 that allows attackers to download sensitive files including administrator pas...

Jul 17, 2025
CVE-2025-53536
8.1

This vulnerability in Roo Code allows attackers with prompt submission access to write malicious configurations to VS Code settings files, leading to ...

Jul 7, 2025
CVE-2024-8535
8.1

This vulnerability allows authenticated users on NetScaler ADC and NetScaler Gateway appliances to access unintended user capabilities when Kerberos S...

Nov 12, 2024
CVE-2025-49797
7.8

Brother printer driver installers for Windows contain a privilege escalation vulnerability that allows local attackers to execute arbitrary programs w...

Jun 25, 2025
CVE-2025-2222
7.8

This CVE describes a vulnerability where files or directories are accessible over HTTPS to external parties, potentially leaking sensitive information...

Apr 9, 2025
CVE-2024-38876
7.8

This vulnerability allows local authenticated attackers to execute arbitrary code with elevated privileges on Siemens Omnivise T3000 systems. The affe...

Aug 2, 2024
CVE-2023-31017
7.8

This vulnerability in NVIDIA GPU Display Driver for Windows allows attackers to write arbitrary data to privileged locations using reparse points. Suc...

Nov 2, 2023
CVE-2023-36664
7.8

CVE-2023-36664 is a security bypass vulnerability in Artifex Ghostscript that allows arbitrary command execution through improper permission validatio...

Jun 25, 2023
CVE-2022-24138
7.8

This vulnerability allows low-privileged users to replace legitimate IOBit software components with malicious executables during the download process,...

Jul 6, 2022
CVE-2021-3717
7.8

CVE-2021-3717 is a security flaw in Wildfly's elytron configuration that incorrectly handles JBOSS_LOCAL_USER challenges. This allows any local user o...

May 24, 2022
CVE-2024-4981
7.6

This vulnerability in Pagure server allows authenticated malicious users to create symbolic links in git repositories that expose files outside the re...

May 12, 2025
CVE-2025-14896
7.5

CVE-2025-14896 is a server-side request forgery (SSRF) vulnerability in Vega's convert() function when safeMode is enabled and the spec parameter is a...

Dec 18, 2025
CVE-2025-11371
7.5 (KEV, EPSS 68.2%)

An unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and TrioFox allows attackers to read sensitive system files without cred...

Oct 9, 2025
CVE-2025-61734
7.5

This vulnerability in Apache Kylin allows unauthorized external parties to access sensitive files or directories if administrative access controls are...

Oct 2, 2025
CVE-2025-58753
7.5

Copyparty versions before 1.19.8 have an authorization bypass vulnerability in the shares feature. When a share is created for a single file within a ...

Sep 9, 2025
CVE-2024-49359
7.5

This vulnerability allows authenticated users to perform directory traversal attacks via the /v2_1/file API endpoint in ZimaOS, enabling them to list ...

Oct 24, 2024
CVE-2024-7107
7.5

This vulnerability allows unauthorized external parties to access files or directories in National Keep Cyber Security Services CyberMath, potentially...

Sep 26, 2024
CVE-2024-6421
7.5

CVE-2024-6421 allows unauthenticated remote attackers to read sensitive device information through an incorrectly configured FTP service. This affects...

Jul 10, 2024
CVE-2024-2759
7.5

An improper access control vulnerability in the Apaczka plugin for PrestaShop allows unauthenticated attackers to gather information from saved templa...

Apr 4, 2024
CVE-2024-24161
7.5

MRCMS 3.0 contains an arbitrary file read vulnerability in the /admin/file/edit.do endpoint where the path parameter is not properly filtered. This al...

Feb 2, 2024

About CWE-552

Our database tracks 103 CVEs classified as CWE-552, with 19 rated critical and 55 rated high severity. The average CVSS score for CWE-552 vulnerabilities is 7.6.

External reference: View CWE-552 on MITRE CWE →
