Weaknesses of type CWE-434
2,821 resultsCVE-2025-32510CRITICALWordPress Ovatheme Events Manager plugin <= 1.8.4 - Arbitrary File Upload vulnerabilityEPSS 0.4%CVE-2025-57176MEDIUMOn Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP poEPSS 0.4%CVE-2025-4259MEDIUMnewbee-mall UploadController.java upload unrestricted uploadEPSS 0.4%CVE-2024-40695HIGHIBM Cognos Analytics file uploadEPSS 0.4%CVE-2024-56508HIGHFile Upload Vulnerability Leading to XSS in LinkAce v1.15.5EPSS 0.4%CVE-2025-3807MEDIUMzhenfeng13 My-BBS Endpoint UploadController.java upload unrestricted uploadEPSS 0.4%CVE-2025-46490CRITICALWordPress Crossword Compiler Puzzles plugin <= 5.2 - Arbitrary File Upload VulnerabilityEPSS 0.4%CVE-2025-5171MEDIUMllisoft MTA Maita Training System OpenController.java this.fileService.download unrestricted uploadEPSS 0.4%CVE-2025-3969MEDIUMcodeprojects News Publishing Site Dashboard Edit Category Page edit-category.php unrestricted uploadEPSS 0.4%CVE-2025-49060CRITICALWordPress Wastia theme < 1.1.3 - Arbitrary File Upload vulnerabilityEPSS 0.4%CVE-2025-11660MEDIUMProjectsAndPrograms School Management System uploadSllyabus.php unrestricted uploadEPSS 0.4%CVE-2025-2952MEDIUMBluestar Micro Mall api.php unrestricted uploadEPSS 0.4%CVE-2025-60235CRITICALWordPress Support Ticket System for WooCommerce plugin <= 2.0.7 - Arbitrary File Upload vulnerabilityEPSS 0.4%CVE-2025-60207CRITICALWordPress Custom User Registration Fields for WooCommerce plugin <= 2.1.2 - Arbitrary File Upload VulnerabilityEPSS 0.4%CVE-2025-11658MEDIUMProjectsAndPrograms School Management System changeSllyabus.php unrestricted uploadEPSS 0.4%CVE-2025-53283CRITICALWordPress Drop Uploader for CF7 - Drag&Drop File Uploader Addon Plugin <= 2.4.1 - Arbitrary File Upload VulnerabilityEPSS 0.4%CVE-2024-2125HIGHEnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File UploadEPSS 0.4%CVE-2025-58996CRITICALWordPress Advanced Settings Plugin <= 3.1.1 - Arbitrary File Upload VulnerabilityEPSS 0.4%CVE-2025-26927CRITICALWordPress AI Hub plugin <= 1.3.7 - Arbitrary File Upload vulnerabilityEPSS 0.4%CVE-2024-51208HIGHFile Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PEPSS 0.4%