Falhas do tipo CWE-552

327 resultados

CVE-2020-17519CRITICALApache Flink directory traversal attack: reading remote files through the REST APIEPSS 97.9%KEV CVE-2025-11371HIGHGladinet CentreStack and TrioFox Local File Inclusion FlawEPSS 92.1%KEV CVE-2023-50164—Apache Struts: File upload component had a directory traversal vulnerabilityEPSS 80.8%CVE-2016-3715MEDIUMThe EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted imEPSS 75.4%KEV CVE-2020-15175HIGHUnauthenticated File Deletion in GLPIEPSS 70.9%CVE-2021-39316HIGHZoomSounds <= 6.45 Unauthenticated Directory Traversal and Sensitive Information DislosureEPSS 66.5%CVE-2023-2766MEDIUMWeaver OA jx2_config.ini file accessEPSS 54.2%CVE-2024-53676CRITICALA directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.EPSS 51.3%CVE-2024-39931CRITICALGogs through 0.13.0 allows deletion of internal files.EPSS 50.7%CVE-2017-16651HIGHRoundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's fileEPSS 42.8%KEV CVE-2024-6209CRITICALunauthorized file accessEPSS 17.2%CVE-2024-2056CRITICALArtica Proxy Loopback Services Remotely Accessible UnauthenticatedEPSS 16.7%CVE-2026-25137CRITICALNixOs Odoo database and filestore publicly accessible with default odoo configurationEPSS 10.1%CVE-2022-0656—uDraw < 3.3.3 - Unauthenticated Arbitrary File AccessEPSS 7.7%CVE-2025-32819HIGHA vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete EPSS 6.8%CVE-2024-6911HIGHUnauthenticated Local File InclusionEPSS 4.9%CVE-2022-41343HIGHregisterFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font regiEPSS 4.1%CVE-2023-36664—Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefixEPSS 3.2%CVE-2018-10869HIGHredhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any fiEPSS 2.8%CVE-2022-44356HIGHWAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allowEPSS 2.8%

← anteriorpágina 1 / 17próxima →