Fallos del tipo CWE-434
2804 resultadosCVE-2024-52372CRITICALWordPress Easy CSV Importer plugin <= 7.0.0 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2024-50484CRITICALWordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2024-49291CRITICALWordPress Cooked Pro plugin < 1.8.0 - Unauthenticated Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2025-12968HIGHInfility Global <= 2.14.42 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 0.5%CVE-2026-32931HIGHChamilo LMS has Arbitrary File Upload via MIME-Only Validation in Exercise Sound Upload Leads to RCEEPSS 0.5%CVE-2024-54285CRITICALWordPress SeedProd Pro plugin <= 6.18.10 - Remote Code Execution (RCE) vulnerabilityEPSS 0.5%CVE-2025-0213MEDIUMCampcodes Project Management System update_forms.php unrestricted uploadEPSS 0.5%CVE-2026-25200CRITICALA vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can rEPSS 0.5%CVE-2025-53970CRITICALSS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and exeEPSS 0.5%CVE-2025-11755HIGHDelicious Recipes <= 1.9.0 - Authenticated (Contributor+) Arbitrary File UploadEPSS 0.5%CVE-2025-54762CRITICALSS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and exeEPSS 0.5%CVE-2025-12171HIGHRESTful Content Syndication 1.1.0 - 1.5.0 - Authenticated (Contributor+) Arbitrary File UploadEPSS 0.5%CVE-2024-13201MEDIUMwander-chu SpringBoot-Blog Admin Attachment AttachtController.java upload unrestricted uploadEPSS 0.5%CVE-2024-37420CRITICALWordPress Zita Elementor Site Library plugin <= 1.6.1 - Arbitrary Code Execution vulnerabilityEPSS 0.5%CVE-2025-22782CRITICALWordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Remote Code Execution (RCE) vulnerabilityEPSS 0.5%CVE-2025-35055HIGHNewforma Info Exchange (NIX) insecure file uploadEPSS 0.5%CVE-2024-37424CRITICALWordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2025-2978MEDIUMWCMS Article Publishing Page CKEditor unrestricted uploadEPSS 0.5%CVE-2024-3508MEDIUMBzip2: compressed content bomb leads to denial of service of bombastic apiEPSS 0.5%CVE-2024-46373HIGHDedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend.EPSS 0.5%