CWE-548Exposure of Information Through Directory Listing

Abstraction: Variant · CVEs in our corpus: 54

The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (3)AI

Control	Title	Family	Why it addresses this CWE
`SC-30`	Concealment and Misdirection	SC	Directory listings and resource enumeration can be suppressed or populated with misleading entries.
`SC-38`	Operations Security	SC	Reduces exposure via directory listings or accessible files when OPSEC restricts visibility of key organizational resources.
`AU-13`	Monitoring for Information Disclosure	AU	Detects information exposure through directory listings as unauthorized disclosure.

CVE	Risk	CVSS	EPSS	Published
`CVE-2024-2340`	4.6	5.3	0.5818	2024-04-09
`CVE-2020-8161`	1.8	8.6	0.0091	2020-07-02
`CVE-2018-14785`	1.6	7.5	0.0151	2018-08-10
`CVE-2020-15081`	1.6	5.3	0.0969	2020-07-02
`CVE-2017-6045`	1.5	7.5	0.0052	2017-06-21
`CVE-2018-10590`	1.5	7.5	0.0043	2018-05-15
`CVE-2018-16493`	1.5	7.5	0.0061	2019-02-01
`CVE-2019-5415`	1.5	7.5	0.0032	2019-03-21
`CVE-2021-21528`	1.5	7.5	0.0027	2021-11-12
`CVE-2021-27505`	1.5	7.5	0.0021	2022-05-13
`CVE-2023-51948`	1.5	7.5	0.0018	2024-01-19
`CVE-2024-22082`	1.5	7.5	0.0024	2024-03-20
`CVE-2023-49979`	1.5	7.5	0.0057	2024-03-21
`CVE-2025-2038`	1.5	7.3	0.0007	2025-03-06
`CVE-2025-4909`	1.5	7.3	0.0031	2025-05-19
`CVE-2025-28170`	1.5	7.6	0.0013	2025-07-29
`CVE-2021-47718`	1.5	7.5	0.0027	2025-12-09
`CVE-2022-50788`	1.5	7.5	0.0063	2025-12-30
`CVE-2020-36921`	1.5	7.5	0.0030	2026-01-06
`CVE-2026-22860`	1.5	7.5	0.0010	2026-02-18
`CVE-2020-7858`	1.4	6.8	0.0042	2021-04-22
`CVE-2024-45096`	1.3	6.5	0.0014	2024-09-05
`CVE-2025-61685`	1.3	6.5	0.0052	2025-10-03
`CVE-2024-42007`	1.2	5.8	0.0074	2024-07-26
`CVE-2025-4807`	1.2	5.3	0.0159	2025-05-16