Total
40 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45096 | 1 Ibm | 1 Aspera Faspex | 2026-06-17 | N/A | 6.5 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. | |||||
| CVE-2024-42007 | 2026-06-17 | N/A | 5.8 MEDIUM | ||
| SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files. | |||||
| CVE-2024-3707 | 1 Opengnsys | 1 Opengnsys | 2026-06-17 | N/A | 5.3 MEDIUM |
| Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file. | |||||
| CVE-2024-35113 | 1 Ibm | 1 Control Center | 2026-06-17 | N/A | 4.3 MEDIUM |
| IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. | |||||
| CVE-2024-2340 | 1 Theme-fusion | 1 Avada | 2026-06-17 | N/A | 5.3 MEDIUM |
| The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. | |||||
| CVE-2024-28766 | 1 Ibm | 2 Security Directory Integrator, Security Verify Directory Integrator | 2026-06-17 | N/A | 2.4 LOW |
| IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system. | |||||
| CVE-2024-22082 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system. | |||||
| CVE-2023-51948 | 1 Actidata | 2 Actinas Sl 2u-8 Rdx, Actinas Sl 2u-8 Rdx Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application. | |||||
| CVE-2023-49979 | 1 Mayurik | 1 Best Student Management System | 2026-06-17 | N/A | 7.5 HIGH |
| A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. | |||||
| CVE-2023-38265 | 1 Ibm | 1 Cloud Pak System | 2026-06-17 | N/A | 5.3 MEDIUM |
| IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system. | |||||
| CVE-2022-50788 | 1 Sound4 | 17 Big Voice2, Big Voice2 Firmware, Big Voice4 and 14 more | 2026-06-17 | N/A | 7.5 HIGH |
| SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication. | |||||
| CVE-2021-47718 | 1 Openbmcs | 1 Openbmcs | 2026-06-17 | N/A | 7.5 HIGH |
| OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information. | |||||
| CVE-2021-32515 | 1 Qsan | 1 Storage Manager | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | |||||
| CVE-2021-32511 | 1 Qsan | 1 Storage Manager | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| QSAN Storage Manager through directory listing vulnerability in ViewBroserList allows remote authenticated attackers to list arbitrary directories via the file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | |||||
| CVE-2021-32510 | 1 Qsan | 1 Storage Manager | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | |||||
| CVE-2021-27505 | 1 Myscada | 1 Mypro | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information. | |||||
| CVE-2020-36921 | 2026-06-17 | N/A | 7.5 HIGH | ||
| RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication. | |||||
| CVE-2026-50233 | 2026-06-05 | N/A | 5.3 MEDIUM | ||
| Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service (TCP port 9090) and the HTTP JSON-RPC endpoint (/jsonrpc.js). The query accepts a folder parameter and lists its contents with no restriction to the configured media directories and no authentication in the default configuration, allowing a remote, unauthenticated attacker to enumerate arbitrary locations on the host filesystem. | |||||
| CVE-2025-32750 | 1 Dell | 3 Powerflex Appliance Intelligent Catalog, Powerflex Manager, Powerflex Rack | 2026-06-02 | N/A | 7.5 HIGH |
| Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | |||||
| CVE-2026-41933 | 2026-05-14 | N/A | 5.3 MEDIUM | ||
| Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset paths, plugins, themes, and media folders to view filenames, file sizes, modification timestamps, and unrendered admin templates containing sensitive route maps. | |||||