Weaknesses of type CWE-434
2,782 results

CVE-2017-12617 | HIGH | When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. | EPSS 100.0% | KEV
CVE-2018-15961 | CRITICAL | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file uploa | EPSS 100.0% | KEV
CVE-2021-31207 | MEDIUM | Microsoft Exchange Server Security Feature Bypass Vulnerability | EPSS 99.8% | KEV
CVE-2017-12615 | HIGH | When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the | EPSS 99.6% | KEV
CVE-2025-31324 | CRITICAL | Missing Authorization check in SAP NetWeaver (Visual Composer development server) | EPSS 99.3% | KEV
CVE-2024-50623 | CRITICAL | In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download th | EPSS 98.5% | KEV
CVE-2016-3088 | CRITICAL | The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTT | EPSS 98.5% | KEV
CVE-2020-25213 | CRITICAL | The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because | EPSS 97.3% | KEV
CVE-2020-8260 | HIGH | A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code e | EPSS 96.5% | KEV
CVE-2024-8856 | CRITICAL | Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload | EPSS 93.7%
CVE-2022-1329 | HIGH | Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution | EPSS 92.9%
CVE-2024-7399 | HIGH | Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attack | EPSS 91.9% | KEV
CVE-2023-20073 | MEDIUM | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability | EPSS 88.9%
CVE-2021-24145 | — | Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE | EPSS 88.2%
CVE-2025-52691 | CRITICAL | Upload Arbitrary Files | EPSS 85.5% | KEV
CVE-2023-28128 | HIGH | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker t | EPSS 84.7%
CVE-2023-50386 | HIGH | Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets | EPSS 83.8%
CVE-2021-24155 | — | Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload | EPSS 83.7%
CVE-2021-21351 | MEDIUM | XStream is vulnerable to an Arbitrary Code Execution attack | EPSS 82.6%
CVE-2021-42362 | HIGH | WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload | EPSS 79.8%