Weaknesses of type CWE-434
2,823 resultsCVE-2026-56290CRITICALJoomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0EPSS 0.4%CVE-2023-25365HIGHCross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3EPSS 0.4%CVE-2026-3797MEDIUMTiandy Video Surveillance System 视频监控平台 CLS_REST_File.java uploadFile unrestricted uploadEPSS 0.4%CVE-2025-23213HIGHTandoor Recipes - Stored XSS through Unrestricted File UploadEPSS 0.4%CVE-2025-49387CRITICALWordPress Drag and Drop File Upload for Elementor Forms Plugin <= 1.5.3 - Arbitrary File Upload VulnerabilityEPSS 0.4%CVE-2025-11103MEDIUMProjectworlds Online Tours and Travels change-image.php unrestricted uploadEPSS 0.4%CVE-2025-47658CRITICALWordPress ELEX HelpDesk & Customer Ticketing System plugin <= 3.2.9 - Arbitrary File Upload vulnerabilityEPSS 0.4%CVE-2025-12331MEDIUMWillow CMS add unrestricted uploadEPSS 0.4%CVE-2025-63695CRITICALDzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php.EPSS 0.4%CVE-2024-13133MEDIUMZeroWdd studentmanager StudentController. java editStudent unrestricted uploadEPSS 0.3%CVE-2025-8174MEDIUMcode-projects Voting System candidates_add.php unrestricted uploadEPSS 0.3%CVE-2025-67910CRITICALWordPress Contentstudio plugin <= 1.3.7 - Arbitrary File Upload vulnerabilityEPSS 0.3%CVE-2026-4191MEDIUMJawherKl node-api-postgres Profile Picture index.js path.extname unrestricted uploadEPSS 0.3%CVE-2024-46482HIGHAn arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to EPSS 0.3%CVE-2025-11436MEDIUMJhumanJ OpnForm answer unrestricted uploadEPSS 0.3%CVE-2025-49885CRITICALWordPress Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin <= 5.0.6 - Arbitrary File Upload VulnerabilityEPSS 0.3%CVE-2025-39402CRITICALWordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerabilityEPSS 0.3%CVE-2026-40772CRITICALWordPress GeekyBot plugin <= 1.2.2 - Arbitrary File Upload vulnerabilityEPSS 0.3%CVE-2025-46264CRITICALWordPress PowerPress Podcasting <= 11.12.5 - Arbitrary File Upload VulnerabilityEPSS 0.3%CVE-2026-21625MEDIUMExtension - stackideas.com - Lack of mime type validation in EasyDiscuss component 1.0.0-5.0.15 for JoomlaEPSS 0.3%