Vulnerabilities > Files or Directories Accessible to External Parties
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-27 | CVE-2022-45426 | Files or Directories Accessible to External Parties vulnerability in Dahuasecurity products Some Dahua software products have a vulnerability of unrestricted download of file. | 6.5 |
| 2022-12-19 | CVE-2022-4106 | Files or Directories Accessible to External Parties vulnerability in Cedcommerce Wholesale Market for Woocommerce The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server. | 7.5 |
| 2022-12-12 | CVE-2022-45227 | Files or Directories Accessible to External Parties vulnerability in Dragino Lg01 Lora Firmware 4.3.4 The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. | 7.5 |
| 2022-11-29 | CVE-2022-44356 | Files or Directories Accessible to External Parties vulnerability in Wavlink Wl-Wn531G3 Firmware M31G3.V5030.200325/M31G3.V5030.201204 WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. | 7.5 |
| 2022-11-21 | CVE-2022-3691 | Files or Directories Accessible to External Parties vulnerability in Fluenx Deepl PRO API Translation The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor. | 7.5 |
| 2022-11-18 | CVE-2022-44583 | Files or Directories Accessible to External Parties vulnerability in Watchtowerhq Watchtower Unauth. | 7.5 |
| 2022-11-10 | CVE-2022-45129 | Files or Directories Accessible to External Parties vulnerability in Payara Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. | 7.5 |
| 2022-11-03 | CVE-2022-41710 | Files or Directories Accessible to External Parties vulnerability in Markdownify Project Markdownify 1.4.1 Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. | 5.5 |
| 2022-11-03 | CVE-2022-43449 | Files or Directories Accessible to External Parties vulnerability in Openharmony 3.1/3.1.1/3.1.2 OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. | 5.5 |
| 2022-11-01 | CVE-2022-23738 | Files or Directories Accessible to External Parties vulnerability in Github Enterprise Server An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. | 5.7 |