Fallos del tipo CWE-434
2814 resultadosCVE-2024-23762HIGHUnrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload ofEPSS 0.3%CVE-2025-10856HIGHArbitrary File Upload in Solvera Software's TeknoeraEPSS 0.3%CVE-2025-46384HIGHCWE-434 Unrestricted Upload of File with Dangerous TypeEPSS 0.3%CVE-2025-58819CRITICALWordPress Bulk Featured Image plugin <= 1.2.4 - Arbitrary File Upload vulnerabilityEPSS 0.3%CVE-2024-3344MEDIUMOtter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Author+) Limited File Upload to Stored Cross-Site ScriptingEPSS 0.3%CVE-2023-30962MEDIUMStored XSS in cerberus attachmentsEPSS 0.3%CVE-2025-51489MEDIUMA Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing remote attackers to upload a malicious SVG EPSS 0.3%CVE-2026-32523CRITICALWordPress WPJAM Basic plugin <= 6.9.2 - Arbitrary File Upload vulnerabilityEPSS 0.3%CVE-2026-32482CRITICALWordPress Ona theme < 1.24 - Arbitrary File Upload vulnerabilityEPSS 0.3%CVE-2026-27041CRITICALWordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upload vulnerabilityEPSS 0.3%CVE-2025-6466MEDIUMageerle ruoyi-ai SseServiceImpl.java upload unrestricted uploadEPSS 0.3%CVE-2025-2606MEDIUMSourceCodester Best Church Management Software soulwinning_crud.php unrestricted uploadEPSS 0.3%CVE-2025-13185MEDIUMBdtask/CodeCanyon News365 profile unrestricted uploadEPSS 0.3%CVE-2024-12042MEDIUMMStore API – Create Native Android & iOS Apps On The Cloud <= 4.16.4 - Authenticated (Subscriber+) HTML File Upload (Stored Cross-Site Scripting)EPSS 0.3%CVE-2024-50625HIGHAn issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipEPSS 0.3%CVE-2025-9415MEDIUMGreenCMS index.php unrestricted uploadEPSS 0.3%CVE-2024-7987HIGHRockwell Automation ThinManager® ThinServer™ Information Disclosure and Remote Code Execution VulnerabilitiesEPSS 0.3%CVE-2026-24815CRITICALA XStream Security Vulnerability in XML Deserialization in datavane/tisEPSS 0.3%CVE-2025-64374CRITICALWordPress Motors theme <= 5.6.81 - Arbitrary File Upload vulnerabilityEPSS 0.3%CVE-2024-8918HIGHFile Manager Pro <= 8.3.9 - Unauthenticated Limited JavaScript File UploadEPSS 0.3%