Weaknesses of type CWE-434
2,802 results

CVE-2025-28915 | CRITICAL | WordPress ThemeEgg ToolKit plugin <= 1.2.9 - Arbitrary File Upload vulnerability | EPSS 1.2%
CVE-2019-1010123 | — | MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with cu | EPSS 1.2%
CVE-2023-40050 | CRITICAL | Automate Vulnerable to Malicious Content Uploaded Through Embedded Compliance Application | EPSS 1.2%
CVE-2021-32961 | HIGH | MDT AutoSave Unrestricted Upload of File with Dangerous Type | EPSS 1.2%
CVE-2024-40318 | HIGH | An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. | EPSS 1.2%
CVE-2024-2930 | HIGH | SourceCodester Music Gallery Site unrestricted upload | EPSS 1.2%
CVE-2020-26629 | CRITICAL | A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated | EPSS 1.2%
CVE-2022-46135 | HIGH | In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshe | EPSS 1.2%
CVE-2022-47893 | CRITICAL | NetMan 204 Remote Code Execution | EPSS 1.2%
CVE-2024-38529 | CRITICAL | Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment | EPSS 1.2%
CVE-2024-13723 | HIGH | Checkmk NagVis Remote Code Execution | EPSS 1.2%
CVE-2020-21474 | CRITICAL | File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rs | EPSS 1.2%
CVE-2022-42038 | CRITICAL | The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The | EPSS 1.2%
CVE-2022-42043 | CRITICAL | The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor | EPSS 1.2%
CVE-2022-41385 | CRITICAL | The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoo | EPSS 1.2%
CVE-2022-42044 | CRITICAL | The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoo | EPSS 1.2%
CVE-2022-41382 | CRITICAL | The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoo | EPSS 1.2%
CVE-2023-3375 | HIGH | Unrestricted File Upload in Bookreen | EPSS 1.2%
CVE-2022-41384 | CRITICAL | The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The back | EPSS 1.2%
CVE-2022-2111 | CRITICAL | Unrestricted Upload of File with Dangerous Type in inventree/inventree | EPSS 1.2%