CWE-434 flaws

2805 results
CVE-2025-67164 | CRITICAL | An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute ar | EPSS 0.4%
CVE-2025-3585 | MEDIUM | westboy CicadasCMS JSP Parser upload unrestricted upload | EPSS 0.4%
CVE-2025-47559 | CRITICAL | WordPress MapSVG plugin < 8.7.4 - Arbitrary File Upload vulnerability | EPSS 0.4%
CVE-2026-5411 | HIGH | WP Captcha PRO <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload | EPSS 0.4%
CVE-2024-1531 | HIGH | A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor cou | EPSS 0.4%
CVE-2024-31610 | MEDIUM | File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attac | EPSS 0.4%
CVE-2025-60218 | CRITICAL | WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Upload Vulnerability | EPSS 0.4%
CVE-2025-68553 | CRITICAL | WordPress Lendiz theme < 2.0.1 - Arbitrary File Upload vulnerability | EPSS 0.4%
CVE-2025-49071 | CRITICAL | WordPress Flozen < 1.5.1 - Arbitrary File Upload Vulnerability | EPSS 0.4%
CVE-2025-5131 | MEDIUM | Tmall Demo uploadCategoryImage unrestricted upload | EPSS 0.4%
CVE-2025-32682 | CRITICAL | WordPress MapSVG Lite plugin <= 8.6.4 - Arbitrary File Upload Vulnerability | EPSS 0.4%
CVE-2024-39865 | HIGH | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to uplo | EPSS 0.4%
CVE-2025-55743 | HIGH | UnoPim vulnerable to remote code execution through Arbitrary File upload | EPSS 0.4%
CVE-2025-57148 | CRITICAL | phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension vali | EPSS 0.4%
CVE-2025-6206 | HIGH | Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload | EPSS 0.4%
CVE-2025-12966 | HIGH | All-in-One Video Gallery 4.5.4 - 4.5.7 – Authenticated (Author+) Arbitrary File Upload via Import ZIP | EPSS 0.4%
CVE-2024-40513 | MEDIUM | An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function. | EPSS 0.4%
CVE-2026-9009 | HIGH | Crawlomatic Multipage Scraper Post Generator <= 2.7.2 - Authenticated (Author+) Remote Code Execution via 'callback_raw' Shortcode Attribute | EPSS 0.4%
CVE-2025-58963 | CRITICAL | WordPress Medcity theme < 1.1.9 - Arbitrary File Upload vulnerability | EPSS 0.4%
CVE-2026-44088 | HIGH | Remote Code Execution in SzafirHost | EPSS 0.4%