Falhas do tipo CWE-434

2.812 resultados
CVE-2024-40513MEDIUMAn issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function.EPSS 0.4%CVE-2025-58963CRITICALWordPress Medcity theme < 1.1.9 - Arbitrary File Upload vulnerabilityEPSS 0.4%CVE-2025-57148CRITICALphpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension valiEPSS 0.4%CVE-2026-9009HIGHCrawlomatic Multipage Scraper Post Generator <= 2.7.2 - Authenticated (Author+) Remote Code Execution via 'callback_raw' Shortcode AttributeEPSS 0.4%CVE-2025-3410MEDIUMmymagicpower AIAS LocalStorageController.java unrestricted uploadEPSS 0.4%CVE-2026-44088HIGHRemote Code Execution in SzafirHostEPSS 0.4%CVE-2025-26325CRITICALShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.EPSS 0.4%CVE-2026-5482CRITICALRemote Code Execution via Unrestricted File Upload in Responsive FileManagerEPSS 0.4%CVE-2018-25162HIGH2-Plan Team 1.0.4 Arbitrary File Upload via managefile.phpEPSS 0.4%CVE-2025-0460MEDIUMBlog Botz for Journal Theme blog_add unrestricted uploadEPSS 0.4%CVE-2025-9942MEDIUMCodeAstro Real Estate Management System submitproperty.php unrestricted uploadEPSS 0.4%CVE-2025-47549CRITICALWordPress BEAF plugin <= 4.6.10 - Arbitrary File Upload VulnerabilityEPSS 0.4%CVE-2025-9941MEDIUMCodeAstro Real Estate Management System register.php unrestricted uploadEPSS 0.4%CVE-2025-1646MEDIUMLumsoft ERP ASPX File UploadAjaxAPI.ashx unrestricted uploadEPSS 0.4%CVE-2024-5050MEDIUMWangshen SecGate 3600 ?g=log_import_save unrestricted uploadEPSS 0.4%CVE-2025-32291CRITICALWordPress SUMO Affiliates Pro plugin < 11.1.0 - Arbitrary File Upload vulnerabilityEPSS 0.4%CVE-2026-50873CRITICALAn arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code vEPSS 0.4%CVE-2025-48782CRITICALSoar Cloud HRD Human Resource Management System - Unrestricted Upload of File with Dangerous TypeEPSS 0.4%CVE-2024-28418MEDIUMWebedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.phpEPSS 0.4%CVE-2025-1070HIGHCWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file EPSS 0.4%