Vulnerabilities of type CWE-552

327 results
CVE-2020-11642 [HIGH] SiteManager Denial of Service via Local File Inclusion Vulnerability (EPSS 1.3%)
CVE-2023-39479 [MEDIUM] Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability (EPSS 1.3%)
CVE-2023-31064 [HIGH] Apache InLong: Insecurity direct object references cancelling applications (EPSS 1.2%)
CVE-2025-61734 [HIGH] Apache Kylin: improper restriction of file read (EPSS 1.2%)
CVE-2021-32833 [HIGH] Unauthenticated file read in Emby Server (EPSS 1.2%)
CVE-2020-11641 [HIGH] SiteManager Local File Inclusion Vulnerability (EPSS 1.2%)
CVE-2020-4075 [MEDIUM] Arbitrary file read via window-open IPC in Electron (EPSS 1.2%)
CVE-2022-2357 WSM Downloader <= 1.4.0 - Unauthenticated Arbitrary File Download (EPSS 1.2%)
CVE-2021-20182 A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted envir (EPSS 1.1%)
CVE-2021-25004 SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download (EPSS 1.1%)
CVE-2024-31141 [MEDIUM] Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider (EPSS 1.1%)
CVE-2022-32143 [HIGH] CODESYS runtime system prone to directory acces (EPSS 1.1%)
CVE-2018-1079 [HIGH] pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of t (EPSS 1.1%)
CVE-2023-1124 [HIGH] Shopping Cart & eCommerce Store < 5.4.3 - Admin+ LFI (EPSS 1.1%)
CVE-2021-32752 [HIGH] Files or Directories Accessible to External Parties in ether/logs (EPSS 1.1%)
CVE-2018-10867 Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove an (EPSS 1.1%)
CVE-2021-24154 Theme Editor < 2.6 - Authenticated Arbitrary File Download (EPSS 1.1%)
CVE-2018-10863 It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store (EPSS 1.1%)
CVE-2024-52047 [HIGH] A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected inst (EPSS 1.1%)
CVE-2023-27180 [HIGH] GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/ba (EPSS 1.1%)