Fallos del tipo CWE-434
2818 resultadosCVE-2025-1725MEDIUMBit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File UploadsEPSS 0.2%CVE-2024-9648MEDIUMWP ULike Pro <= 1.9.3 - Unauthenticated Limited Arbitrary File UploadEPSS 0.2%CVE-2026-0496MEDIUMMultiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation)EPSS 0.2%CVE-2025-52546MEDIUMStored XSS by uploading a specially crafted floor plan fileEPSS 0.2%CVE-2018-25258HIGHRGui 3.5.0 Local Buffer Overflow SEH DEP BypassEPSS 0.2%CVE-2025-32215MEDIUMWordPress Accessibility Suite plugin <= 4.18 - Arbitrary File Upload vulnerabilityEPSS 0.2%CVE-2025-40808MEDIUMA vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CEPSS 0.2%CVE-2022-0517HIGHMozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage thEPSS 0.2%CVE-2025-36183LOWPrivileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.dataEPSS 0.2%CVE-2024-34692LOW[CVE-2024-34692] Unrestricted File upload vulnerability in SAP Enable NowEPSS 0.2%CVE-2026-45315HIGHOpen WebUI: Stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptionsEPSS 0.2%CVE-2022-2791MEDIUMEmerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, EPSS 0.2%CVE-2025-24862LOWUnrestricted upload of file with dangerous type for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User ApplicEPSS 0.2%CVE-2025-55251LOWHCL AION is affected by an Unrestricted File Upload vulnerabilityEPSS 0.2%CVE-2026-46426HIGHBudibase: Unrestricted Upload of File with Dangerous TypeEPSS 0.2%CVE-2026-42538MEDIUMIRIS has an Insecure File UploadEPSS 0.2%CVE-2026-27146HIGHGetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary UploadsEPSS 0.2%CVE-2025-51736MEDIUMFile upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.EPSS 0.2%CVE-2024-28520MEDIUMFile Upload vulnerability in Byzoro Networks Smart multi-service security gateway intelligent management platform version S210, allows an atEPSS 0.2%CVE-2026-48946MEDIUMJoomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26EPSS 0.2%