Weaknesses of type CWE-434
2,824 resultsCVE-2026-7044MEDIUMGreenCMS index.php themeadd unrestricted uploadEPSS 0.2%CVE-2026-10205MEDIUMMetasoft 美特软件 MetaCRM upload.jsp unrestricted uploadEPSS 0.2%CVE-2026-1969MEDIUMThemeREX Addons < 2.38.5 - Unauthenticated Arbitrary File UploadEPSS 0.2%CVE-2026-32278HIGHConnect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form PluginEPSS 0.2%CVE-2025-2819MEDIUMUnrestricted FileuploadEPSS 0.2%CVE-2026-48945MEDIUMJoomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26EPSS 0.2%CVE-2026-22707MEDIUMStrapi Upload Plugin MIME Validation Bypass via Content APIEPSS 0.2%CVE-2026-9374MEDIUMyangzongzhuan RuoYi-Vue Common Upload Endpoint upload FileUploadUtils.upload unrestricted uploadEPSS 0.2%CVE-2025-31979MEDIUMA File Upload Validation Bypass vulnerability has been identified in the HCL BigFix Service Management (SM)EPSS 0.2%CVE-2025-1725MEDIUMBit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File UploadsEPSS 0.2%CVE-2024-9648MEDIUMWP ULike Pro <= 1.9.3 - Unauthenticated Limited Arbitrary File UploadEPSS 0.2%CVE-2026-0496MEDIUMMultiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation)EPSS 0.2%CVE-2025-52546MEDIUMStored XSS by uploading a specially crafted floor plan fileEPSS 0.2%CVE-2018-25258HIGHRGui 3.5.0 Local Buffer Overflow SEH DEP BypassEPSS 0.2%CVE-2025-32215MEDIUMWordPress Accessibility Suite plugin <= 4.18 - Arbitrary File Upload vulnerabilityEPSS 0.2%CVE-2025-40808MEDIUMA vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CEPSS 0.2%CVE-2022-0517HIGHMozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage thEPSS 0.2%CVE-2025-36183LOWPrivileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.dataEPSS 0.2%CVE-2022-2791MEDIUMEmerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, EPSS 0.2%CVE-2024-34692LOW[CVE-2024-34692] Unrestricted File upload vulnerability in SAP Enable NowEPSS 0.2%