Falhas do tipo CWE-434

2.812 resultados
CVE-2020-37073HIGHVictor CMS 1.0 - Authenticated Arbitrary File UploadEPSS 0.5%CVE-2025-8379MEDIUMCampcodes Online Hotel Reservation System edit_room.php unrestricted uploadEPSS 0.5%CVE-2025-11967HIGHMail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File UploadEPSS 0.5%CVE-2026-27540CRITICALWordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2025-10009HIGHAuthenticated admin RCE in Invoice NinjaEPSS 0.5%CVE-2025-31342CRITICALGalaxy Software Services Vitals ESP Forum Module - Unrestricted Upload of File with Dangerous TypeEPSS 0.5%CVE-2024-35375CRITICALThere is an arbitrary file upload vulnerability on the media add .php page in the backend of the website in version 5.7.114 of DedeCMSEPSS 0.5%CVE-2024-13210MEDIUMdonglight bookstore电商书城系统说明 AdminBookController. java uploadPicture unrestricted uploadEPSS 0.5%CVE-2025-27692MEDIUMDell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high priEPSS 0.5%CVE-2025-2973MEDIUMcode-projects College Management System student.php unrestricted uploadEPSS 0.5%CVE-2025-22504CRITICALWordPress 4ECPS Web Forms Plugin <= 0.2.18 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2025-13067HIGHRoyal Addons for Elementor <= 1.7.1049 - Authenticated (Author+) Arbitrary File Upload via main.php Upload BypassEPSS 0.5%CVE-2024-58295HIGHElkArte Forum 1.1.9 Authenticated Remote Code Execution via Theme UploadEPSS 0.5%CVE-2025-12161HIGHSmart Auto Upload Images <= 1.2.0 - Authenticated (Contributor+) Arbitrary File UploadEPSS 0.5%CVE-2024-1027MEDIUMSourceCodester Facebook News Feed Like Post unrestricted uploadEPSS 0.5%CVE-2026-22327CRITICALWordPress Restaurt theme <= 1.0.4 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2024-9278MEDIUMHuankeMao SCRM Administrator Backend WxkConfig.php upload_domain_verification_file unrestricted uploadEPSS 0.5%CVE-2026-7490HIGHSunnet|CTMS and CPAS - Arbitrary File UploadEPSS 0.5%CVE-2026-23802CRITICALWordPress AI Engine plugin <= 3.3.2 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2025-68910CRITICALWordPress Blogzee theme <= 1.0.5 - Arbitrary File Upload vulnerabilityEPSS 0.5%