Weaknesses of type CWE-434
2,824 resultsCVE-2026-11621MEDIUMDcat-Admin User Setting upload editorMDUpload unrestricted uploadEPSS 0.2%CVE-2026-36722MEDIUMAn authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbEPSS 0.2%CVE-2018-25168MEDIUMPrecurio Intranet Portal 2.0 Cross-Site Request Forgery Add AdminEPSS 0.2%CVE-2026-32989HIGHPrecurio Intranet Portal 4.4: Cross-Site Request Forgery leading to arbitrary file uploadEPSS 0.2%CVE-2025-62802MEDIUMDNN CKEditor Provider allows unauthenticated upload out-of-the-boxEPSS 0.2%CVE-2026-14776MEDIUMSourceCodester Onlne Examination & Learning Management System Filename Extension upload_files.php pathinfo unrestricted uploadEPSS 0.2%CVE-2026-14775MEDIUMSourceCodester Onlne Examination & Learning Management System process_lesson.php unrestricted uploadEPSS 0.2%CVE-2026-11333MEDIUMtittuvarghese CollegeManagementSystem Student Data Upload Endpoint upload_student_data.php unrestricted uploadEPSS 0.2%CVE-2025-13249MEDIUMJiusi OA OfficeServer unrestricted uploadEPSS 0.2%CVE-2026-14777MEDIUMSourceCodester Onlne Examination & Learning Management System announcements.php unrestricted uploadEPSS 0.2%CVE-2023-26098HIGHAn issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbEPSS 0.2%CVE-2026-28800MEDIUMNatro Macro: Malicious actions allowed through Discord RC Commands by any userEPSS 0.2%CVE-2024-41340HIGHAn issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862EPSS 0.2%CVE-2026-28133HIGHWordPress Filr plugin <= 1.2.14 - Arbitrary File Upload vulnerabilityEPSS 0.2%CVE-2026-27605MEDIUMChartbrew: Stored Cross-Site Scripting (XSS) via File Upload APIEPSS 0.2%CVE-2025-54757MEDIUMMultiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded byEPSS 0.2%CVE-2025-12048HIGHAn arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allowEPSS 0.2%CVE-2026-6211HIGHArbitrary File Upload in Global IT's WEOLLEPSS 0.2%CVE-2026-10807MEDIUMmjperpinosa stumasy change_profile_image.php unrestricted uploadEPSS 0.2%CVE-2026-14698MEDIUMSourceCodester Syllabus-Aligned Learning Management and Examination System upload_files.php unrestricted uploadEPSS 0.2%