Weaknesses of type CWE-434
2,826 resultsCVE-2026-9157HIGHRemote Code Execution in Gmission Web FAXEPSS 0.1%CVE-2026-56291CRITICALJoomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1EPSS —CVE-2026-55778LOWParse Server: Stored XSS via non-standard file extension bypassing file upload extension blocklistEPSS —CVE-2026-58654MEDIUMGrav - Arbitrary File Upload via Avatar EndpointEPSS —CVE-2026-15158CRITICALBlocksy Companion <= 2.1.46 - Unauthenticated Arbitrary File Upload via 'blc-review-images[]' ParameterEPSS —CVE-2026-58480CRITICALBlocksy Companion Pro < 2.1.47 Unauthenticated File Upload via save_attachmentsEPSS —