Weaknesses of type CWE-434

2,805 results
CVE-2022-50993CRITICALWeaver E-office < 10.0_20221201 Unauthenticated Arbitrary File Read via XmlRpcServletEPSS 0.8%CVE-2024-28423CRITICALAirflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulneraEPSS 0.8%CVE-2023-1561MEDIUMcode-projects Simple Online Hotel Reservation System add_room.php unrestricted uploadEPSS 0.8%CVE-2020-37090HIGHSchool ERP Pro 1.0 - Remote Code ExecutionEPSS 0.8%CVE-2024-13908HIGHSMTP by BestWebSoft <= 1.1.9 - Authenticated (Administrator+) Arbitrary File UploadEPSS 0.8%CVE-2025-12674CRITICALKiotViet Sync <= 1.8.5 - Unauthenticated Arbitrary File UploadEPSS 0.8%CVE-2023-38029CRITICALSaho ADM100&ADM-100FP - Arbitrary File UploadEPSS 0.8%CVE-2021-24960WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Malicious SVGEPSS 0.8%CVE-2024-25674CRITICALAn issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and EPSS 0.8%CVE-2024-1116HIGHopenBI Upload.php index unrestricted uploadEPSS 0.8%CVE-2023-52044CRITICALStudio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extensiEPSS 0.8%CVE-2024-22895HIGHDedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.EPSS 0.8%CVE-2024-3705HIGHUnrestricted Upload of File with Dangerous Type vulnerability in OpenGnsysEPSS 0.8%CVE-2025-34506HIGHWBCE CMS 1.6.3 Authenticated Remote Code Execution via Module UploadEPSS 0.8%CVE-2026-35573CRITICALChurchCRM has a Path traversal leads to RCEEPSS 0.8%CVE-2024-1034HIGHopenBI File.php uploadFile unrestricted uploadEPSS 0.8%CVE-2024-8614CRITICALWP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 0.8%CVE-2022-2046Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File UploadEPSS 0.8%CVE-2023-4409MEDIUMNBS&HappySoftWeChat unrestricted uploadEPSS 0.8%CVE-2023-5829MEDIUMcode-projects Admission Management System student_avatar.php unrestricted uploadEPSS 0.8%