CWE-548
54 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-548page 1 of 2
- CVE-2014-125069MEDIUMCVSS 4.3EG 5.32023-01-08
A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack re…
- CVE-2016-15019MEDIUMCVSS 4.3EG 7.52023-01-15
A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may …
- CVE-2018-10590HIGHCVSS 7.5EG 7.52018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information …
- CVE-2018-14785HIGHCVSS 7.5EG 7.52018-08-10
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication.
- CVE-2018-16493HIGHCVSS 7.5EG 7.52019-02-01
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.
- CVE-2019-5415HIGHCVSS 7.5EG 7.52019-03-21
A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.
- CVE-2019-5437MEDIUMCVSS 5.3EG 5.32019-05-10
Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge.
- CVE-2020-15081MEDIUMCVSS 5.3EG 5.32020-07-02
In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory.
- CVE-2020-15790MEDIUMCVSS 5.3EG 5.32020-09-09
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in an insecure manner, the web server might be susceptible to a directory listing attack.
- CVE-2020-36921HIGHCVSS 7.5EG 7.52026-01-06
RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources an…
- CVE-2020-7858MEDIUMCVSS 6.8EG 6.82021-04-22
There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is localhost and an attacker can traverse directories using "dot dot" sequences(../../) to view host file on th…
- CVE-2020-8161HIGHCVSS 8.6EG 8.62020-07-02
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.
- CVE-2021-21528HIGHCVSS 7.5EG 7.52021-11-12
Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions.
- CVE-2021-23195MEDIUMCVSS 5.3EG 5.32022-01-21
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an inde…
- CVE-2021-27505HIGHCVSS 7.5EG 7.52022-05-13
mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.
- CVE-2021-32510MEDIUMCVSS 4.3EG 4.32021-07-07
QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter. The referred vulnerability has been solved with the up…
- CVE-2021-32511MEDIUMCVSS 4.3EG 4.32021-07-07
QSAN Storage Manager through directory listing vulnerability in ViewBroserList allows remote authenticated attackers to list arbitrary directories via the file path parameter. The referred vulnerability has been solved with the updated ver…
- CVE-2021-32515MEDIUMCVSS 5.3EG 5.32021-07-07
Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information. The referred vulnerability has been solved with the updated version of QSAN Sto…
- CVE-2021-45446MEDIUMCVSS 5.0EG 7.52022-11-02
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the co…
- CVE-2021-47718HIGHCVSS 7.5EG 7.52025-12-09
OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discove…
- CVE-2022-30625MEDIUMCVSS 5.7EG 5.32022-07-18
Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located insi…
- CVE-2022-36243MEDIUMCVSS 5.3EG 5.32023-05-30
Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This i…
- CVE-2022-50788HIGHCVSS 7.5EG 7.52025-12-30
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive inf…
- CVE-2023-38265MEDIUMCVSS 5.3EG 5.32026-02-17
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.
- CVE-2023-49979HIGHCVSS 7.5EG 7.52024-03-21
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.
- CVE-2023-51948HIGHCVSS 7.5EG 7.52024-01-19
A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application.
- CVE-2024-22082HIGHCVSS 7.5EG 7.52024-03-20
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system.
- CVE-2024-2340MEDIUMCVSS 5.3EG 5.32024-04-09
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extra…
- CVE-2024-28766LOWCVSS 2.4EG 2.42025-01-27
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system.
- CVE-2024-35113MEDIUMCVSS 4.3EG 4.32025-01-25
IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing.
- CVE-2024-3707MEDIUMCVSS 5.3EG 5.32024-04-12
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.
- CVE-2024-42007MEDIUMCVSS 5.8EG 5.82024-07-26
SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files.
- CVE-2024-45096MEDIUMCVSS 6.5EG 6.52024-09-05
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.
- CVE-2024-56464LOWCVSS 2.7EG 2.72025-12-09
IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.
- CVE-2024-7809MEDIUMCVSS 5.3EG 5.32024-08-15
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/nbproject/. The manipulation leads to expo…
- CVE-2024-7912MEDIUMCVSS 5.3EG 5.32024-08-18
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information throug…
- CVE-2024-8711MEDIUMCVSS 5.3EG 5.32024-09-12
A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of …
- CVE-2025-1138MEDIUMCVSS 4.3EG 4.32025-05-15
IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.
- CVE-2025-13200MEDIUMCVSS 5.3EG 5.32025-11-15
A vulnerability was determined in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality. This manipulation causes exposure of information through directory listing. The attack is possible to …
- CVE-2025-2038HIGHCVSS 7.3EG 7.32025-03-06
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /upload/. The manipulation leads to exposure of information through director…
- CVE-2025-23378LOWCVSS 3.3EG 3.32025-04-10
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to inf…
- CVE-2025-2651MEDIUMCVSS 5.3EG 5.32025-03-23
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listin…
- CVE-2025-2652MEDIUMCVSS 5.3EG 5.32025-03-23
A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to exposure of information…
- CVE-2025-27452MEDIUMCVSS 5.3EG 5.32025-07-03
The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules activated that are not required for the operation of the FNADE4 web application. The functionality of th…
- CVE-2025-27906MEDIUMCVSS 5.3EG 5.32025-10-14
IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the fi…
- CVE-2025-28170HIGHCVSS 7.6EG 7.62025-07-29
Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files.
- CVE-2025-2827MEDIUMCVSS 4.3EG 4.32025-07-08
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system.
- CVE-2025-32750HIGHCVSS 7.5EG 7.52026-05-20
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information …
- CVE-2025-45320MEDIUMCVSS 5.3EG 7.52025-05-05
A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0.
- CVE-2025-4807MEDIUMCVSS 5.3EG 5.32025-05-16
A vulnerability, which was classified as problematic, was found in SourceCodester Online Student Clearance System 1.0. This affects an unknown part. The manipulation leads to exposure of information through directory listing. It is possibl…
Map vulnerabilities like CWE-548 to your infrastructure
EchelonGraph correlates every CVE — across CWE-548 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →