Weaknesses of type CWE-434

2,805 results
CVE-2026-26746HIGHOpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An attacker can read arbitrEPSS 0.6%CVE-2023-50717MEDIUMNocoDB Allows Preview of File with Dangerous ContentEPSS 0.6%CVE-2025-9113CRITICALDoccure Core <= 1.5.3 - Unauthenticated Arbitrary File UploadEPSS 0.6%CVE-2025-12528HIGHPie Forms for WP <= 1.6 - Unauthenticated Arbitrary File UploadEPSS 0.6%CVE-2024-22550MEDIUMAn arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code EPSS 0.6%CVE-2023-41812MEDIUMUploading executables via the file managerEPSS 0.6%CVE-2023-6794MEDIUMPAN-OS: File Upload Vulnerability in the Web InterfaceEPSS 0.6%CVE-2024-58283HIGHWBCE CMS 1.6.2 Remote Code Execution via Elfinder File UploadEPSS 0.6%CVE-2023-20196MEDIUMTwo vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit tEPSS 0.6%CVE-2025-4561HIGHKinfor KFOX - Arbitrary File UploadEPSS 0.6%CVE-2023-20195MEDIUMTwo vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit tEPSS 0.6%CVE-2022-29451HIGHWordPress Rara One Click Demo Import plugin <= 1.2.9 - Cross-Site Request Forgery (CSRF) leads to Arbitrary File Upload vulnerabilityEPSS 0.6%CVE-2024-1532MEDIUMA vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor couEPSS 0.6%CVE-2026-1222HIGHBROWAN COMMUNICATIONS |PrismX MX100 AP controller - Arbitrary File UploadEPSS 0.6%CVE-2024-2268MEDIUMkeerti1924 Online-Book-Store-Website unrestricted uploadEPSS 0.6%CVE-2025-22137CRITICALArbitrary File Overwrite via HTTP POST in Pingvin ShareEPSS 0.6%CVE-2024-2394MEDIUMSourceCodester Employee Management System add-admin.php unrestricted uploadEPSS 0.6%CVE-2025-48106CRITICALWordPress Clanora theme < 1.3.1 - Arbitrary File Upload vulnerabilityEPSS 0.6%CVE-2025-68001CRITICALWordPress g-FFL Checkout plugin <= 2.1.0 - Arbitrary File Upload vulnerabilityEPSS 0.6%CVE-2025-29411CRITICALAn arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute aEPSS 0.6%