Vulnerabilities > Files or Directories Accessible to External Parties
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-03 | CVE-2022-41710 | Files or Directories Accessible to External Parties vulnerability in Markdownify Project Markdownify 1.4.1 Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. | 5.5 |
2022-11-03 | CVE-2022-43449 | Files or Directories Accessible to External Parties vulnerability in Openharmony 3.1/3.1.1/3.1.2 OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. | 5.5 |
2022-11-01 | CVE-2022-23738 | Files or Directories Accessible to External Parties vulnerability in Github Enterprise Server An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. | 5.7 |
2022-10-28 | CVE-2022-37424 | Files or Directories Accessible to External Parties vulnerability in Opennebula Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. | 6.5 |
2022-10-17 | CVE-2022-2834 | Files or Directories Accessible to External Parties vulnerability in Helpful Project Helpful The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings | 5.3 |
2022-10-14 | CVE-2022-42234 | Files or Directories Accessible to External Parties vulnerability in Ucms Project Ucms 1.6 There is a file inclusion vulnerability in the template management module in UCMS 1.6 | 8.8 |
2022-09-29 | CVE-2022-40126 | Files or Directories Accessible to External Parties vulnerability in Clash Project Clash 0.19.9 A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. | 7.8 |
2022-09-28 | CVE-2022-3287 | Files or Directories Accessible to External Parties vulnerability in Fwupd When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. | 6.5 |
2022-09-25 | CVE-2022-41343 | Files or Directories Accessible to External Parties vulnerability in Dompdf Project Dompdf registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. | 7.5 |
2022-08-30 | CVE-2022-36552 | Files or Directories Accessible to External Parties vulnerability in Tendacn AC6 Firmware Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request. | 7.5 |