Weaknesses of type CWE-434

2,818 results
CVE-2025-9212HIGHWP Dispatcher <= 1.2.0 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 0.5%CVE-2025-3593MEDIUMZHENFENG13/code-projects My-Blog-layui authorImg upload unrestricted uploadEPSS 0.5%CVE-2024-52397CRITICALWordPress Convert Docx2post plugin <= 1.4 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2024-52398CRITICALWordPress CDI plugin <= 5.5.3 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2023-23937HIGHMissing file upload type validation in pimcore/pimcoreEPSS 0.5%CVE-2024-10420MEDIUMSourceCodester Attendance and Payroll System update.php upload unrestricted uploadEPSS 0.5%CVE-2026-13553MEDIUMitsourcecode Online Hotel Management System controller.php add unrestricted uploadEPSS 0.5%CVE-2026-40040HIGHPachno 1.0.6 Unrestricted File Upload Remote Code ExecutionEPSS 0.5%CVE-2024-57761HIGHAn arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code viaEPSS 0.5%CVE-2025-54442CRITICALUnrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affEPSS 0.5%CVE-2025-1166MEDIUMSourceCodester Food Menu Manager update.php unrestricted uploadEPSS 0.5%CVE-2024-3444MEDIUMWangshen SecGate 3600 ?g=net_pro_keyword_import_save unrestricted uploadEPSS 0.5%CVE-2026-41269HIGHFlowise: File Upload Validation Bypass in createAttachmentEPSS 0.5%CVE-2025-32140CRITICALWordPress WP Remote Thumbnail Plugin <= 1.3.2 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2026-39292HIGHFalco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows EPSS 0.5%CVE-2024-3804MEDIUMVesystem Cloud Desktop fileupload2.php unrestricted uploadEPSS 0.5%CVE-2024-6647MEDIUMCroogo Setting Theme unrestricted uploadEPSS 0.5%CVE-2024-52488CRITICALWordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerabilityEPSS 0.5%CVE-2024-3803MEDIUMVesystem Cloud Desktop fileupload.php unrestricted uploadEPSS 0.5%CVE-2026-21628CRITICALExtension - astroidframe.work - Unauthenticated Remote Code Execution in Astroid Framework 2.0.0 - 3.3.10 for JoomlaEPSS 0.5%