CWE-73 type flaws

466 results
CVE-2025-3812 | HIGH | WPBot Pro Wordpress Chatbot <= 13.6.2 - Authenticated (Subscriber+) Arbitrary File Deletion | EPSS 0.5%
CVE-2025-54945 | CRITICAL | SUNNET Corporate Training Management System - External Control of File Name or Path | EPSS 0.5%
CVE-2024-9575 | HIGH | Local File Inclusion in pretix-widget WordPress plugin | EPSS 0.5%
CVE-2026-27211 | CRITICAL | Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse | EPSS 0.5%
CVE-2026-5809 | HIGH | wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter | EPSS 0.5%
CVE-2024-55371 | CRITICAL | Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uplo | EPSS 0.5%
CVE-2025-9529 | MEDIUM | Campcodes Payroll Management System index.php include file inclusion | EPSS 0.5%
CVE-2026-25628 | HIGH | Qdrant affected by arbitrary file write via `/logger` endpoint | EPSS 0.5%
CVE-2025-65473 | CRITICAL | An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administra | EPSS 0.5%
CVE-2026-33989 | HIGH | @mobilenext/mobile-mcp allows arbitrary file write via Path Traversal in mobile screen capture tools | EPSS 0.5%
CVE-2022-34765 | MEDIUM | A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-cont | EPSS 0.5%
CVE-2024-10672 | LOW | Multiple Page Generator Plugin – MPG <= 4.0.2 - Authenticated (Editor+) Directory Traversal to Limited File Deletion | EPSS 0.5%
CVE-2026-47357 | CRITICAL | Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan e | EPSS 0.5%
CVE-2026-47358 | CRITICAL | Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when | EPSS 0.5%
CVE-2024-28826 | HIGH | Unrestricted upload and download paths in check_sftp | EPSS 0.5%
CVE-2023-43074 | MEDIUM | Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulner | EPSS 0.5%
CVE-2025-33117 | CRITICAL | IBM QRadar SIEM command execution | EPSS 0.5%
CVE-2024-38040 | HIGH | BUG-000167984 - Portal for ArcGIS has a Local file inclusion (LFI) vulnerability | EPSS 0.5%
CVE-2024-57394 | HIGH | The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows user to restore a malicious file to | EPSS 0.5%
CVE-2025-13380 | MEDIUM | AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read | EPSS 0.5%