Flaws of type CWE-434
2809 results

CVE-2025-10616 | MEDIUM | itsourcecode E-Commerce Website users.php unrestricted upload | EPSS 0.4%
CVE-2025-8798 | MEDIUM | oitcode samarium Create Product product unrestricted upload | EPSS 0.4%
CVE-2023-45595 | MEDIUM | A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration” functionality of the web application a | EPSS 0.4%
CVE-2024-40551 | MEDIUM | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute a | EPSS 0.4%
CVE-2025-48300 | CRITICAL | WordPress Groundhogg plugin <= 4.2.1 - Arbitrary File Upload vulnerability | EPSS 0.4%
CVE-2024-44599 | HIGH | FNT Command 13.4.0 is vulnerable to Directory Traversal. | EPSS 0.4%
CVE-2025-69565 | CRITICAL | code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php. | EPSS 0.4%
CVE-2026-3749 | MEDIUM | Bytedesk SVG File UploadRestService.java handleFileUpload unrestricted upload | EPSS 0.4%
CVE-2024-13138 | MEDIUM | wangl1989 mysiteforme LocalUploadServiceImpl upload unrestricted upload | EPSS 0.4%
CVE-2025-10116 | MEDIUM | SiempreCMS file_upload.php unrestricted upload | EPSS 0.4%
CVE-2025-14583 | MEDIUM | campcodes Online Student Enrollment System register.php unrestricted upload | EPSS 0.4%
CVE-2025-34330 | MEDIUM | AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated Prompt File Upload via ajaxPromptUploadFile.php | EPSS 0.4%
CVE-2025-15495 | MEDIUM | BiggiDroid Simple PHP CMS editsite.php unrestricted upload | EPSS 0.4%
CVE-2026-33704 | HIGH | Chamilo LMS Affected by Authenticated Arbitrary File Write via BigUpload endpoint | EPSS 0.4%
CVE-2025-15426 | MEDIUM | jackying H-ui.admin preview.php unrestricted upload | EPSS 0.4%
CVE-2024-13022 | MEDIUM | taisan tarzan-cms Article Management UploadController.java UploadResponse unrestricted upload | EPSS 0.4%
CVE-2026-13165 | HIGH | Remote Code Execution in SzafirHost | EPSS 0.4%
CVE-2026-2133 | MEDIUM | code-projects Online Music Site AdminUpdateCategory.php unrestricted upload | EPSS 0.4%
CVE-2025-57176 | MEDIUM | On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP po | EPSS 0.4%
CVE-2025-32510 | CRITICAL | WordPress Ovatheme Events Manager plugin <= 1.8.4 - Arbitrary File Upload vulnerability | EPSS 0.4%