Flaws of type CWE-434

2786 results
CVE-2024-5247 (HIGH, EPSS 26.9%): NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability
CVE-2023-5147 (MEDIUM, EPSS 26.6%): D-Link DAR-7000 updateos.php unrestricted upload
CVE-2025-1128 (CRITICAL, EPSS 26.0%): Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion
CVE-2024-32002 (CRITICAL, EPSS 25.3%): Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
CVE-2023-2924 (MEDIUM, EPSS 24.3%): Supcon SimField reportupload.aspx unrestricted upload
CVE-2024-27747 (CRITICAL, EPSS 23.6%): File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the
CVE-2023-46474 (HIGH, EPSS 23.4%): File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uplo
CVE-2022-40878 (HIGH, EPSS 23.2%): In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Exe
CVE-2023-3852 (MEDIUM, EPSS 23.2%): OpenRapid RapidCMS upload.php unrestricted upload
CVE-2023-5150 (MEDIUM, EPSS 22.8%): D-Link DAR-7000/DAR-8000 web.php unrestricted upload
CVE-2024-29974 (CRITICAL, EPSS 22.8%): ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versio
CVE-2022-0863 (EPSS 22.4%): WP SVG Icons <= 3.2.3 - Admin+ Remote Code Execution (RCE)
CVE-2023-31689 (CRITICAL, EPSS 21.8%): In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish par
CVE-2023-5149 (MEDIUM, EPSS 21.0%): D-Link DAR-7000 userattestation.php unrestricted upload
CVE-2023-28725 (CRITICAL, EPSS 20.6%): General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute a
CVE-2025-9712 (HIGH, EPSS 20.5%): Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to
CVE-2023-34747 (CRITICAL, EPSS 20.0%): File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload.
CVE-2022-40471 (CRITICAL, EPSS 19.4%): Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture uploa
CVE-2024-25869 (HIGH, EPSS 18.7%): An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitra
CVE-2026-30821 (HIGH, EPSS 18.3%): Flowise: Arbitrary File Upload via MIME Spoofing