Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2023-01-09 CVE-2022-23508 Files or Directories Accessible to External Parties vulnerability in Weave Gitops
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise.
local
low complexity
weave CWE-552
7.8
2023-01-04 CVE-2022-45052 Files or Directories Accessible to External Parties vulnerability in Axiell Iguana 4.0.0
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS.
network
low complexity
axiell CWE-552
6.5
2023-01-02 CVE-2022-4236 Files or Directories Accessible to External Parties vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.
network
low complexity
collne CWE-552
6.5
2022-12-27 CVE-2022-45426 Files or Directories Accessible to External Parties vulnerability in Dahuasecurity products
Some Dahua software products have a vulnerability of unrestricted download of file.
network
low complexity
dahuasecurity CWE-552
6.5
2022-12-19 CVE-2022-4106 Files or Directories Accessible to External Parties vulnerability in Cedcommerce Wholesale Market for Woocommerce
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.
network
low complexity
cedcommerce CWE-552
7.5
2022-12-12 CVE-2022-45227 Files or Directories Accessible to External Parties vulnerability in Dragino Lg01 Lora Firmware 4.3.4
The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/.
network
low complexity
dragino CWE-552
7.5
2022-11-29 CVE-2022-44356 Files or Directories Accessible to External Parties vulnerability in Wavlink Wl-Wn531G3 Firmware M31G3.V5030.200325/M31G3.V5030.201204
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.
network
low complexity
wavlink CWE-552
7.5
2022-11-21 CVE-2022-3691 Files or Directories Accessible to External Parties vulnerability in Fluenx Deepl PRO API Translation
The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor.
network
low complexity
fluenx CWE-552
7.5
2022-11-18 CVE-2022-44583 Files or Directories Accessible to External Parties vulnerability in Watchtowerhq Watchtower
Unauth.
network
low complexity
watchtowerhq CWE-552
7.5
2022-11-10 CVE-2022-45129 Files or Directories Accessible to External Parties vulnerability in Payara
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422.
network
low complexity
payara CWE-552
7.5