Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2022-11-03 CVE-2022-41710 Files or Directories Accessible to External Parties vulnerability in Markdownify Project Markdownify 1.4.1
Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify.
local
low complexity
markdownify-project CWE-552
5.5
2022-11-03 CVE-2022-43449 Files or Directories Accessible to External Parties vulnerability in Openharmony 3.1/3.1.1/3.1.2
OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server.
local
low complexity
openharmony CWE-552
5.5
2022-11-01 CVE-2022-23738 Files or Directories Accessible to External Parties vulnerability in Github Enterprise Server
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository.
network
low complexity
github CWE-552
5.7
2022-10-28 CVE-2022-37424 Files or Directories Accessible to External Parties vulnerability in Opennebula
Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery.
network
low complexity
opennebula CWE-552
6.5
2022-10-17 CVE-2022-2834 Files or Directories Accessible to External Parties vulnerability in Helpful Project Helpful
The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings
network
low complexity
helpful-project CWE-552
5.3
2022-10-14 CVE-2022-42234 Files or Directories Accessible to External Parties vulnerability in Ucms Project Ucms 1.6
There is a file inclusion vulnerability in the template management module in UCMS 1.6
network
low complexity
ucms-project CWE-552
8.8
2022-09-29 CVE-2022-40126 Files or Directories Accessible to External Parties vulnerability in Clash Project Clash 0.19.9
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.
local
low complexity
clash-project CWE-552
7.8
2022-09-28 CVE-2022-3287 Files or Directories Accessible to External Parties vulnerability in Fwupd
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
network
low complexity
fwupd CWE-552
6.5
2022-09-25 CVE-2022-41343 Files or Directories Accessible to External Parties vulnerability in Dompdf Project Dompdf
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.
network
low complexity
dompdf-project CWE-552
7.5
2022-08-30 CVE-2022-36552 Files or Directories Accessible to External Parties vulnerability in Tendacn AC6 Firmware
Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request.
network
low complexity
tendacn CWE-552
7.5