CWE-548— Exposure of Information Through Directory Listing
The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.— MITRE CWE catalog
56 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-548page 2 of 2
- CVE-2025-4909HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information through directory listing. The attack can …
- CVE-2025-61685MEDIUMCVSS 6.5EG 6.52025-10-03
Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a securi…
- CVE-2025-62396MEDIUMCVSS 5.3EG 5.32025-10-23
An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.
- CVE-2026-22860HIGHCVSS 7.5EG 7.52026-02-18
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root i…
- CVE-2026-41933MEDIUMCVSS 5.3EG 5.32026-05-14
Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files.…
- CVE-2026-50233MEDIUMCVSS 5.3EG 5.32026-06-05
Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service (TCP port 9090) and the HTTP JSON-RPC endpoint (/jsonrpc.js). The query accepts a folder param…
Map vulnerabilities like CWE-548 to your infrastructure
EchelonGraph correlates every CVE — across CWE-548 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →