Fallos del tipo CWE-434
2813 resultadosCVE-2023-43619—An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/autEPSS 0.3%CVE-2025-65844HIGHEverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via the /api/images endpoint. The eEPSS 0.3%CVE-2025-14800HIGHRedirection for Contact Form 7 <= 3.2.7 - Unauthenticated Arbitrary File Copy via move_file_to_uploadEPSS 0.3%CVE-2025-49414CRITICALWordPress FW Gallery plugin <= 8.0.0 - Arbitrary File Upload VulnerabilityEPSS 0.3%CVE-2024-9417MEDIUMHash Form - Drag & Drop Form Builder <= 1.1.9 - Unauthenticated Limited File UploadEPSS 0.3%CVE-2026-1065HIGHForm Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG fileEPSS 0.3%CVE-2025-49447CRITICALWordPress FW Food Menu <= 6.0.0 - Arbitrary File Upload VulnerabilityEPSS 0.3%CVE-2024-40553MEDIUMTmall_demo v2024.07.03 was discovered to contain an arbitrary file upload via the component uploadUserHeadImage.EPSS 0.3%CVE-2025-30933CRITICALWordPress LogisticsHub theme <= 1.1.6 - Arbitrary File Upload VulnerabilityEPSS 0.3%CVE-2025-49444CRITICALWordPress Reformer for Elementor plugin <= 1.0.5 - Arbitrary File Upload VulnerabilityEPSS 0.3%CVE-2025-14582MEDIUMcampcodes Online Student Enrollment System index.php unrestricted uploadEPSS 0.3%CVE-2025-14642MEDIUMcode-projects Computer Laboratory System technical_staff_pic.php unrestricted uploadEPSS 0.3%CVE-2025-14641MEDIUMcode-projects Computer Laboratory System admin_pic.php unrestricted uploadEPSS 0.3%CVE-2025-8965MEDIUMlinlinjava litemall Endpoint AdminStorageController.java create unrestricted uploadEPSS 0.3%CVE-2026-44566HIGHOpen WebUI: Arbitrary File Upload and Path TraversalEPSS 0.3%CVE-2026-42844HIGHGrav: Low-privileged API users can create super-admin accounts via blueprint-uploadEPSS 0.3%CVE-2026-24729CRITICALInterinfo DreamMaker - Unrestricted Upload of File with Dangerous TypeEPSS 0.3%CVE-2024-44598HIGHFNT Command 13.4.0 is vulnerable to Code Execution via the C Base Module.EPSS 0.3%CVE-2026-11839CRITICALArbitrary File Upload in Basarsoft's RotabanEPSS 0.3%CVE-2025-31100CRITICALWordPress School Management Plugin <= 1.93.1 (02-07-2025) - Arbitrary File Upload VulnerabilityEPSS 0.3%