CWE-552 vulnerabilities

327 results
CVE-2019-3897 (EPSS 0.9%): It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know it

CVE-2022-35235 (MEDIUM, EPSS 0.9%): WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Read vulnerability

CVE-2021-3856 (EPSS 0.9%): ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending re

CVE-2023-29931 (EPSS 0.9%): laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php.

CVE-2026-2331 (CRITICAL, EPSS 0.9%): CVE-2026-2331

CVE-2022-1585 (EPSS 0.9%): Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download

CVE-2021-34765 (MEDIUM, EPSS 0.9%): Cisco Nexus Insights Authenticated Information Disclosure Vulnerability

CVE-2026-40484 (CRITICAL, EPSS 0.9%): ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function

CVE-2022-2981 (EPSS 0.9%): Download Monitor < 4.5.98 - Admin+ Arbitrary File Download

CVE-2025-0509 (HIGH, EPSS 0.8%): Signing Checks Bypass

CVE-2022-24075 (EPSS 0.8%): Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP fi

CVE-2024-32498 (MEDIUM, EPSS 0.8%): An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur vi

CVE-2024-51058 (MEDIUM, EPSS 0.8%): Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from

CVE-2022-42234 (HIGH, EPSS 0.8%): There is a file inclusion vulnerability in the template management module in UCMS 1.6

CVE-2021-33843 (MEDIUM, EPSS 0.8%): Fresenius Kabi Agilia Connect Infusion System files or directories accessible to external parties

CVE-2023-23330 (HIGH, EPSS 0.8%): amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion.

CVE-2022-48161 (HIGH, EPSS 0.8%): Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerabil

CVE-2024-48647 (HIGH, EPSS 0.8%): A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the

CVE-2023-39545 (EPSS 0.7%): CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X Single

CVE-2024-36442 (HIGH, EPSS 0.7%): cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to gain access to arbitrary files on the devic