CVEs classified under CWE-548, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (34)
CVE-2025-28170 — CVSS 7.6 (high): Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing…
CVE-2025-32750 — CVSS 7.5 (high): Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An…
CVE-2020-36921 — CVSS 7.5 (high): RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access…
CVE-2022-50788 — CVSS 7.5 (high): SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access…
CVE-2021-47718 — CVSS 7.5 (high): OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting…
CVE-2024-22082 — CVSS 7.5 (high): An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the…
CVE-2023-51948 — CVSS 7.5 (high): A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files…
CVE-2021-27505 — CVSS 7.5 (high): mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.
CVE-2021-21528 — CVSS 7.5 (high): Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This…
CVE-2025-61685 — CVSS 6.5 (medium): Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a…
CVE-2024-45096 — CVSS 6.5 (medium): IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory…
CVE-2026-50233 — CVSS 5.3 (medium): Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI…
CVE-2026-41933 — CVSS 5.3 (medium): Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate…
CVE-2023-38265 — CVSS 5.3 (medium): IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated…
CVE-2025-13200 — CVSS 5.3 (medium): A vulnerability was determined in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality…
CVE-2025-62396 — CVSS 5.3 (medium): An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP…
CVE-2025-27906 — CVSS 5.3 (medium): IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL…
CVE-2025-27452 — CVSS 5.3 (medium): The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules…
CVE-2025-45320 — CVSS 5.3 (medium): A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0.
CVE-2025-2652 — CVSS 5.3 (medium): A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected…
CVE-2024-8711 — CVSS 5.3 (medium): A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by…
CVE-2024-7912 — CVSS 5.3 (medium): A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability…
CVE-2024-7809 — CVSS 5.3 (medium): A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been declared as problematic. Affected by this…
CVE-2024-3707 — CVSS 5.3 (medium): Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all…
CVE-2024-2340 — CVSS 5.3 (medium): The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the…
CVE-2021-32515 — CVSS 5.3 (medium): Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access…
CVE-2025-2827 — CVSS 4.3 (medium): IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information…
CVE-2025-1138 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks…
CVE-2024-35113 — CVSS 4.3 (medium): IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing.
CVE-2021-32511 — CVSS 4.3 (medium): QSAN Storage Manager through directory listing vulnerability in ViewBroserList allows remote authenticated attackers to list arbitrary…
CVE-2021-32510 — CVSS 4.3 (medium): QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary…
CVE-2025-23378 — CVSS 3.3 (low): Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A…
CVE-2024-56464 — CVSS 2.7 (low): IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information…
CVE-2024-28766 — CVSS 2.4 (low): IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about…