Weaknesses of type CWE-434

2,786 results
CVE-2022-46610 [HIGH] 72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attacker (EPSS 18.1%)
CVE-2024-22567 [HIGH] File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do. (EPSS 17.8%)
CVE-2025-2005 [CRITICAL] Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload (EPSS 17.7%)
CVE-2024-31214 [CRITICAL] Traccar's unrestricted file upload vulnerability in device image upload could lead to remote code execution (EPSS 17.6%)
CVE-2024-13171 [HIGH] Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows (EPSS 17.6%)
CVE-2022-1952 eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload (EPSS 17.6%)
CVE-2025-1025 [HIGH] Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extensio (EPSS 17.6%)
CVE-2024-22263 [HIGH] Arbitrary File Write Vulnerability in Spring Cloud Data Flow (EPSS 17.5%)
CVE-2025-24801 [HIGH] GLPI allows authenticated remote code execution (EPSS 17.5%)
CVE-2024-5008 [HIGH] WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability (EPSS 17.3%)
CVE-2021-20022 [HIGH] SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to (EPSS 16.5%, KEV)
CVE-2022-38916 [CRITICAL] A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files (EPSS 16.3%)
CVE-2024-44871 [HIGH] An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via up (EPSS 16.2%)
CVE-2021-39141 [HIGH] XStream is vulnerable to an Arbitrary Code Execution attack (EPSS 16.2%)
CVE-2021-21350 [MEDIUM] XStream is vulnerable to an Arbitrary Code Execution attack (EPSS 15.6%)
CVE-2024-24399 [HIGH] An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code (EPSS 15.6%)
CVE-2022-45275 [HIGH] An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows att (EPSS 15.3%)
CVE-2018-17936 NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to (EPSS 15.3%)
CVE-2023-41998 [CRITICAL] Arcserve UDP Unauthenticated RCE (EPSS 15.3%)
CVE-2023-5154 [MEDIUM] D-Link DAR-8000 changelogo.php unrestricted upload (EPSS 15.1%)