CWE-552
All CWE-552 CVEs (103)
Dreamer CMS v4.1.3 contains an arbitrary file read vulnerability in the TemplateController component that allows attackers to read sensitive files fro...
Sep 27, 2023

An arbitrary file movement vulnerability in ASUSTOR Data Master (ADM) allows attackers to exploit the file renaming feature to move files to unintende...
Aug 22, 2023

CVE-2023-34645 is an arbitrary file read vulnerability in jfinal CMS 5.1.0 that allows attackers to read sensitive files from the server filesystem. T...
Jun 16, 2023

This vulnerability in Dolibarr ERP/CRM software allows unauthenticated attackers to dump the entire database and access sensitive company data includi...
Jun 13, 2023

Stimulsoft Designer (Web) 2023.1.3 contains a Local File Inclusion vulnerability that allows attackers to read arbitrary files on the server. This aff...
Mar 28, 2023

CVE-2023-23330 is a local file inclusion vulnerability in Amano Xparc parking solutions that allows attackers to read arbitrary files on the server. T...
Mar 28, 2023

This vulnerability allows attackers to access sensitive files or directories in Saysis Starcities software, potentially exposing configuration data, c...
Mar 10, 2023

CVE-2023-26956 is an arbitrary file read vulnerability in onekeyadmin v1.3.9 that allows attackers to read sensitive files on the server via the /admi...
Mar 8, 2023

Easy Images v2.0 contains an arbitrary file download vulnerability in the /application/down.php component that allows attackers to download any file f...
Feb 1, 2023

CVE-2022-28462 is an arbitrary file reading vulnerability in novel-plus 3.6.0 that allows attackers to read sensitive files from the server filesystem...
May 5, 2022

This vulnerability in the uDraw WordPress plugin allows attackers to read arbitrary files on the web server without authentication. By exploiting an u...
Apr 25, 2022

CVE-2022-23377 is a local file inclusion vulnerability in Archeevo document management systems that allows attackers to read arbitrary files on the se...
Mar 1, 2022

HorizontCMS v1.0.0-beta.2 contains an arbitrary file download vulnerability in the /admin/file-manager/ component that allows authenticated attackers ...
Feb 24, 2022

CVE-2021-38711 is an information disclosure vulnerability in gitit's Export feature that allows attackers to read arbitrary files from the server file...
Aug 16, 2021

CVE-2021-37348 is a local file inclusion vulnerability in Nagios XI that allows attackers to read arbitrary files on the server through improper pathn...
Aug 13, 2021

CVE-2021-36763 is a directory traversal vulnerability in CODESYS V3 web server that allows external attackers to access files or directories they shou...
Aug 3, 2021

This vulnerability in gowitness versions before 2.3.6 allows unauthenticated attackers to read arbitrary files on the server by using the file:// sche...
Jun 9, 2021

CVE-2021-29024 is a directory traversal vulnerability in InvoicePlane that allows unauthenticated attackers to list directories and download files tha...
May 17, 2021

A local user can spoof or tamper with Avast Business Antivirus update files due to insufficient file validation in the do_update_vps function. This vu...
May 28, 2025

This vulnerability allows attackers to bypass Sparkle's (Ed)DSA signature verification and replace legitimate software updates with malicious payloads...
Feb 4, 2025

CVE-2024-39581 is a directory traversal vulnerability in Dell PowerScale InsightIQ versions 5.0 through 5.1 that allows unauthenticated remote attacke...
Sep 10, 2024

CVE-2021-32752 is an arbitrary file read vulnerability in Ether Logs plugin for Craft CMS. Authenticated admin users can read any file on the server, ...
Jul 9, 2021

This vulnerability allows unauthenticated attackers to read arbitrary files on SSCMS servers by sending specially crafted GET requests to the /cms/tem...
May 27, 2025

This vulnerability in Progress Telerik Document Processing Libraries allows attackers to export the contents of arbitrary files to RTF format, potenti...
Feb 12, 2025

This vulnerability in Tecnomatix Plant Simulation allows unauthorized attackers to delete files even when system access should be prohibited. It affec...
Mar 11, 2025

This CVE describes a file replacement vulnerability affecting certain Huawei devices. Attackers can replace critical files to compromise system integr...
Dec 12, 2024

An arbitrary file deletion vulnerability in the command-line interface of Aruba mobility conductors running AOS-10 or AOS-8 allows authenticated remot...
Jan 13, 2026

This vulnerability in EdgeConnect SD-WAN's command-line interface allows authenticated attackers to read arbitrary files from the underlying filesyste...
Sep 16, 2025

The mcp-markdownify-server package is vulnerable to arbitrary file read attacks through its get-markdown-file tool. Attackers can craft malicious prom...
May 29, 2025

This vulnerability in Siemens SIPROTEC 5 protection devices allows authenticated remote attackers to read arbitrary files from the filesystem via impr...
Jan 14, 2025

This vulnerability allows authenticated users to trick OpenStack Nova into reading arbitrary files from the server by uploading specially crafted disk...
Jul 24, 2024

Apache Linkis versions up to 1.4.0 have a vulnerability where attackers with authorized accounts can configure malicious MySQL JDBC parameters to trig...
Jul 15, 2024

This vulnerability allows authenticated users to access arbitrary files on OpenStack servers by uploading a crafted QCOW2 image with external data ref...
Jul 5, 2024

This CVE describes a CWE-552 vulnerability where specific files or directories are accessible to external parties in Schneider Electric devices. If ex...
Jun 12, 2024

A Local File Inclusion (LFI) vulnerability in TCPDF 6.7.5 allows attackers to read arbitrary files from the server's file system through malicious <im...
Nov 26, 2024

SeaCMS 13.3 contains an arbitrary file read vulnerability in the admin_safe.php file that allows attackers to read sensitive files on the server. This...
Feb 26, 2025

This vulnerability in Apache Linkis allows authenticated attackers to read arbitrary files from the server by injecting malicious MySQL JDBC parameter...
Jan 14, 2025

CVE-2025-13225 is an arbitrary file deletion vulnerability in TanOS that allows authenticated attackers to delete files they shouldn't have access to....
Nov 19, 2025

Dell SmartFabric OS10 Software versions before 10.6.0.5 have a file permission vulnerability that allows low-privileged local users to access files or...
Jul 30, 2025

The WP-Members WordPress plugin stores user-uploaded files in predictable directories without proper access controls, allowing unauthenticated attacke...
Jan 7, 2026

The Secure Copy Content Protection and Content Locking WordPress plugin stores exported CSV files in a publicly accessible directory with predictable ...
Dec 12, 2025

The Tainacan WordPress plugin exposes private uploaded files to unauthenticated users due to inadequate access controls. This vulnerability allows att...
Nov 21, 2025

The Import WP plugin for WordPress exposes sensitive data through unprotected directories. Unauthenticated attackers can access exported/imported file...
Nov 21, 2025

IBM Cognos Analytics Certified Containers 12.1.0 contains hidden pages that can expose package parameter information to unauthorized users. This infor...
Nov 10, 2025

HCL Unica Platform has improper access controls that leave files unprotected, potentially exposing sensitive system or private information. Attackers ...
Oct 13, 2025

This vulnerability allows remote unauthenticated attackers to access uploaded files and SS1 configuration files in vulnerable versions. It affects SS1...
Aug 28, 2025

This vulnerability allows unauthenticated users (guests) to access files uploaded via forms and stored in Liferay's document library by manipulating U...
Aug 20, 2025

IBM Jazz for Service Management versions 1.1.3 through 1.1.3.22 have improper access restrictions that could allow remote attackers to obtain sensitiv...
Jan 18, 2025

This vulnerability allows remote attackers to access sensitive files or directories on Mercury MNVR816 devices through improper access controls in the...
Sep 10, 2024

This vulnerability in SourceCodester Online Birth Certificate Management System 1.0 allows remote attackers to access sensitive files or directories t...
May 17, 2024

About CWE-552
Our database tracks 103 CVEs classified as CWE-552, with 19 rated critical and 55 rated high severity. The average CVSS score for CWE-552 vulnerabilities is 7.6.
External reference: CWE-552 on MITRE CWE