Vulnerabilities > Files or Directories Accessible to External Parties
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-09 | CVE-2022-23508 | Files or Directories Accessible to External Parties vulnerability in Weave Gitops Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. | 7.8 |
2023-01-04 | CVE-2022-45052 | Files or Directories Accessible to External Parties vulnerability in Axiell Iguana 4.0.0 A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. | 6.5 |
2023-01-02 | CVE-2022-4236 | Files or Directories Accessible to External Parties vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server. | 6.5 |
2022-12-27 | CVE-2022-45426 | Files or Directories Accessible to External Parties vulnerability in Dahuasecurity products Some Dahua software products have a vulnerability of unrestricted download of file. | 6.5 |
2022-12-19 | CVE-2022-4106 | Files or Directories Accessible to External Parties vulnerability in Cedcommerce Wholesale Market for Woocommerce The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server. | 7.5 |
2022-12-12 | CVE-2022-45227 | Files or Directories Accessible to External Parties vulnerability in Dragino Lg01 Lora Firmware 4.3.4 The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. | 7.5 |
2022-11-29 | CVE-2022-44356 | Files or Directories Accessible to External Parties vulnerability in Wavlink Wl-Wn531G3 Firmware M31G3.V5030.200325/M31G3.V5030.201204 WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. | 7.5 |
2022-11-21 | CVE-2022-3691 | Files or Directories Accessible to External Parties vulnerability in Fluenx Deepl PRO API Translation The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor. | 7.5 |
2022-11-18 | CVE-2022-44583 | Files or Directories Accessible to External Parties vulnerability in Watchtowerhq Watchtower Unauth. | 7.5 |
2022-11-10 | CVE-2022-45129 | Files or Directories Accessible to External Parties vulnerability in Payara Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. | 7.5 |