Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-62396 | 2025-10-23 | N/A | 5.3 MEDIUM | ||
| An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured. | |||||
| CVE-2025-27906 | 4 Apple, Ibm, Linux and 1 more | 4 Macos, Content Navigator, Linux Kernel and 1 more | 2025-10-21 | N/A | 5.3 MEDIUM |
| IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified. | |||||
| CVE-2025-61685 | 2025-10-06 | N/A | 6.5 MEDIUM | ||
| Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file contents, but this check is effectively bypassed by subsequent logic that attempts to find directory suggestions. An attacker can leverage this flaw to list the contents of arbitrary directories on the user's filesystem, including the user's home directory, exposing sensitive information about the file system's structure. This issue is fixed in version 0.13.20. | |||||
| CVE-2025-28170 | 1 Grandstream | 2 Gxp1628, Gxp1628 Firmware | 2025-08-06 | N/A | 7.6 HIGH |
| Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files. | |||||
| CVE-2025-2827 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling File Gateway, Linux Kernel and 1 more | 2025-08-02 | N/A | 4.3 MEDIUM |
| IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system. | |||||
| CVE-2025-23378 | 1 Dell | 1 Powerscale Onefs | 2025-07-15 | N/A | 3.3 LOW |
| Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2024-28766 | 1 Ibm | 2 Security Directory Integrator, Security Verify Directory Integrator | 2025-07-14 | N/A | 2.4 LOW |
| IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system. | |||||
| CVE-2025-27452 | 2025-07-03 | N/A | 5.3 MEDIUM | ||
| The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules activated that are not required for the operation of the FNADE4 web application. The functionality of the some modules pose a risk to the webserver which enable dircetory listing. | |||||
| CVE-2023-51948 | 1 Actidata | 2 Actinas Sl 2u-8 Rdx, Actinas Sl 2u-8 Rdx Firmware | 2025-06-20 | N/A | 7.5 HIGH |
| A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application. | |||||
| CVE-2025-1138 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2025-06-04 | N/A | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing. | |||||
| CVE-2025-4807 | 1 Senior-walter | 1 Online Student Clearance System | 2025-05-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Online Student Clearance System 1.0. This affects an unknown part. The manipulation leads to exposure of information through directory listing. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4909 | 1 Lerouxyxchire | 1 Client Database Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2651 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-05-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. Multiple sub-directories are affected. | |||||
| CVE-2025-2038 | 1 Code-projects | 1 Blood Bank Management System | 2025-05-13 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /upload/. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-45320 | 1 Lopalopa | 1 Online Service Management Portal | 2025-05-07 | N/A | 5.3 MEDIUM |
| A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0. | |||||
| CVE-2017-6045 | 1 Trihedral | 1 Vtscada | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information. | |||||
| CVE-2024-22082 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | N/A | 7.5 HIGH |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system. | |||||
| CVE-2025-2652 | 1 Oretnom23 | 1 Employee And Visitor Gate Pass Logging System | 2025-03-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to exposure of information through directory listing. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. Multiple sub-directories are affected. | |||||
| CVE-2024-7809 | 1 Tamparongj03 | 1 Online Graduate Tracer System | 2025-02-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/nbproject/. The manipulation leads to exposure of information through directory listing. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-35113 | 2025-01-25 | N/A | 4.3 MEDIUM | ||
| IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. | |||||