Weaknesses of type CWE-434
2,824 resultsCVE-2025-54962MEDIUM/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), aEPSS 0.2%CVE-2025-13198MEDIUMDouPHP file.class.php unrestricted uploadEPSS 0.2%CVE-2022-45415HIGHWhen downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the fEPSS 0.2%CVE-2026-7578MEDIUMMacCMS Pro Plugin Installation add.html install unrestricted uploadEPSS 0.2%CVE-2025-2350MEDIUMIROAD Dash Cam FX2 upload_file unrestricted uploadEPSS 0.2%CVE-2026-29104LOWSuiteCRM Vulnerable to Authenticated Arbitrary File Upload via Configurator addfontresult View in SuiteCRMEPSS 0.2%CVE-2025-0057MEDIUMCross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application)EPSS 0.2%CVE-2025-61181MEDIUMdaicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature.EPSS 0.2%CVE-2026-42879MEDIUMFacturaScripts: Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product ImagesEPSS 0.2%CVE-2025-49329MEDIUMWordPress Store Locator WordPress plugin <= 1.5.2 - Arbitrary File Upload VulnerabilityEPSS 0.2%CVE-2026-22789MEDIUMWebErpMesv2 has a File Upload Validation Bypass Leading to RCEEPSS 0.2%CVE-2026-7238MEDIUMcode-projects Online Music Site AdminUpdateAlbum.php unrestricted uploadEPSS 0.2%CVE-2026-23499HIGHSaleor vulnerable to stored XSS via Unrestricted File UploadEPSS 0.2%CVE-2025-61681MEDIUMKuno is Vulnerable to Stored XSS Attack via SVG File UploadEPSS 0.2%CVE-2026-33273MEDIUMUnrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbEPSS 0.2%CVE-2026-53909MEDIUMArbitrary File Upload in MCOEPSS 0.2%CVE-2021-35485HIGHThe Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload sEPSS 0.2%CVE-2026-40487HIGHPostiz Has Unrestricted File Upload via MIME Type Spoofing that Leads to Stored XSSEPSS 0.2%CVE-2023-39538HIGHFailure when uploading a Logo image fileEPSS 0.2%CVE-2026-7696MEDIUMAcrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform uploadH5Files unrestricted uploadEPSS 0.2%