Weaknesses of type CWE-552
327 resultsCVE-2025-69428HIGHAn issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories.EPSS 0.3%CVE-2026-8704MEDIUMCrypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modifiedEPSS 0.3%CVE-2024-45627MEDIUMApache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerabilityEPSS 0.3%CVE-2024-50627HIGHAn issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It alEPSS 0.3%CVE-2026-39871HIGHA path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5.EPSS 0.3%CVE-2025-37177MEDIUMAuthenticated Arbitrary File Deletion Vulnerability in AOS-10 or AOS-8 Command Line Interface (CLI)EPSS 0.3%CVE-2025-52460MEDIUMFiles or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If exEPSS 0.3%CVE-2025-66955MEDIUMLocal File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access fileEPSS 0.3%CVE-2025-45529HIGHAn arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sendiEPSS 0.3%CVE-2022-1117—A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time reEPSS 0.3%CVE-2024-9945MEDIUMLimited Information Disclosure in GoAnywhere MFT Prior to 7.7.0EPSS 0.3%CVE-2025-66625MEDIUMUmbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import FunctionalityEPSS 0.3%CVE-2026-34361CRITICALHAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token TheftEPSS 0.3%CVE-2021-3717—A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_UEPSS 0.3%CVE-2025-43758MEDIUMLiferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.EPSS 0.3%CVE-2025-37130MEDIUMUnrestricted Binary allows File Enumeration in Underlying Operating SystemEPSS 0.3%CVE-2021-21429MEDIUMCreation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven pluginEPSS 0.3%CVE-2020-25636MEDIUMA flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are EPSS 0.3%CVE-2026-42063MEDIUMiControl SOAP vulnerabilityEPSS 0.3%CVE-2023-4588MEDIUMFile accessibility vulnerability in Delinea Secret ServerEPSS 0.3%