Fallos del tipo CWE-434

2818 resultados
CVE-2025-9795MEDIUMxujeff tianti 天梯 UploadController.java ajaxUploadFile unrestricted uploadEPSS 0.2%CVE-2025-60187MEDIUMWordPress Atarim plugin <= 4.2.1 - Arbitrary File Upload vulnerabilityEPSS 0.2%CVE-2026-5181MEDIUMSourceCodester Simple Doctors Appointment System ajax.php unrestricted uploadEPSS 0.2%CVE-2024-9544MEDIUMMapSVG - All Kinds of Maps and Store Locator for WordPress <= 8.6.4 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2026-23704MEDIUMA non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be exEPSS 0.2%CVE-2023-53876MEDIUMAcademy LMS 6.1 Arbitrary File Upload Vulnerability via Profile SettingsEPSS 0.2%CVE-2025-15152MEDIUMh-moses moga-mall PmsProductController.java addProduct unrestricted uploadEPSS 0.2%CVE-2026-7043MEDIUMGreenCMS index.php pluginAddLocal unrestricted uploadEPSS 0.2%CVE-2026-7044MEDIUMGreenCMS index.php themeadd unrestricted uploadEPSS 0.2%CVE-2026-5472MEDIUMProjectsAndPrograms School Management System Profile Picture settings.php unrestricted uploadEPSS 0.2%CVE-2026-7107MEDIUMcode-projects Invoice System in Laravel company unrestricted uploadEPSS 0.2%CVE-2026-10205MEDIUMMetasoft 美特软件 MetaCRM upload.jsp unrestricted uploadEPSS 0.2%CVE-2026-4505MEDIUMeosphoros-ai DB-GPT FastAPI Endpoint controller.py module_plugin.refresh_plugins unrestricted uploadEPSS 0.2%CVE-2026-1969MEDIUMThemeREX Addons < 2.38.5 - Unauthenticated Arbitrary File UploadEPSS 0.2%CVE-2025-2819MEDIUMUnrestricted FileuploadEPSS 0.2%CVE-2026-32278HIGHConnect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form PluginEPSS 0.2%CVE-2026-48945MEDIUMJoomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26EPSS 0.2%CVE-2026-9374MEDIUMyangzongzhuan RuoYi-Vue Common Upload Endpoint upload FileUploadUtils.upload unrestricted uploadEPSS 0.2%CVE-2026-22707MEDIUMStrapi Upload Plugin MIME Validation Bypass via Content APIEPSS 0.2%CVE-2025-31979MEDIUMA File Upload Validation Bypass vulnerability has been identified in the HCL BigFix Service Management (SM)EPSS 0.2%