Home/Alerts/Alert detail/

Full Path Disclosure

Risk:
Low

Type:
Passive

CWE:
CWE-209

Summary: The full path of files which might be sensitive has been exposed to the client.

Solution: Disable directory browsing in your web server. Refer to the web server documentation.

References: https://owasp.org/www-community/attacks/Full_Path_Disclosure

Top Security News

New NailaoLocker ransomware used against EU healthcare orgs

Black Basta ransomware gang's internal chat logs leak online

Windows Server 2025 released—here are the new features

SonicWall firewall bug leveraged in attacks after PoC exploit release

Chinese hackers abuse Microsoft APP-v tool to evade antivirus

Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks

Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations

CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks

Common Alerts

MediumXSLT Injection

HighPath Traversal

InformationalUser Controllable HTML Element Attribute (Potential XSS)

MediumSource Code Disclosure - SVN

InformationalRetrieved from Cache

HighSQL Injection

MediumCORS Misconfiguration

HighProperties File Disclosure - /WEB-INF folder

HighCloud Metadata Potentially Exposed

HighSource Code Disclosure - CVE-2012-1823

Top CVE List

CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability

CVE-2025-0111 Palo Alto Networks PAN-OS File Read Vulnerability

CVE-2025-0108 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

CVE-2017-3881 Cisco IOS and IOS XE Remote Code Execution Vulnerability

CVE-2017-6736 Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVE-2024-40891 Zyxel DSL CPE OS Command Injection Vulnerability

CVE-2025-0994 Trimble Cityworks Deserialization Vulnerability

CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability

CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability

CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability

Top CWE List

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-693 Protection Mechanism Failure

CWE-201 Insertion of Sensitive Information Into Sent Data

CWE-581 Object Model Violation: Just One of Equals and Hashcode Defined

CWE-1426 Improper Validation of Generative AI Output

HighCWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CWE-284 Improper Access Control

CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control

CWE-125 Out-of-bounds Read

Free online web security scanner

Don't show website scan report rating on the leaderboard

Full Path Disclosure

Low