Falhas do tipo CWE-434

2.821 resultados
CVE-2026-5670MEDIUMCyber-III Student-Management-System upload.php move_uploaded_file unrestricted uploadEPSS 0.2%CVE-2026-7732MEDIUMcode-projects BloodBank Managing System request_blood.php unrestricted uploadEPSS 0.2%CVE-2025-60187MEDIUMWordPress Atarim plugin <= 4.2.1 - Arbitrary File Upload vulnerabilityEPSS 0.2%CVE-2026-5181MEDIUMSourceCodester Simple Doctors Appointment System ajax.php unrestricted uploadEPSS 0.2%CVE-2025-9795MEDIUMxujeff tianti 天梯 UploadController.java ajaxUploadFile unrestricted uploadEPSS 0.2%CVE-2025-55810MEDIUMA vulnerability was found in Alaga Home Security WiFi Camera 3K (model S-CW2503C-H) with hardware version V03 and firmware version 1.4.2, whEPSS 0.2%CVE-2025-15415MEDIUMxnx3 wangmarket XML File uploadImage.do uploadImage unrestricted uploadEPSS 0.2%CVE-2024-9544MEDIUMMapSVG - All Kinds of Maps and Store Locator for WordPress <= 8.6.4 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2026-23704MEDIUMA non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be exEPSS 0.2%CVE-2023-53876MEDIUMAcademy LMS 6.1 Arbitrary File Upload Vulnerability via Profile SettingsEPSS 0.2%CVE-2025-15152MEDIUMh-moses moga-mall PmsProductController.java addProduct unrestricted uploadEPSS 0.2%CVE-2026-7044MEDIUMGreenCMS index.php themeadd unrestricted uploadEPSS 0.2%CVE-2026-7107MEDIUMcode-projects Invoice System in Laravel company unrestricted uploadEPSS 0.2%CVE-2026-10205MEDIUMMetasoft 美特软件 MetaCRM upload.jsp unrestricted uploadEPSS 0.2%CVE-2026-4505MEDIUMeosphoros-ai DB-GPT FastAPI Endpoint controller.py module_plugin.refresh_plugins unrestricted uploadEPSS 0.2%CVE-2026-5472MEDIUMProjectsAndPrograms School Management System Profile Picture settings.php unrestricted uploadEPSS 0.2%CVE-2026-7043MEDIUMGreenCMS index.php pluginAddLocal unrestricted uploadEPSS 0.2%CVE-2026-1969MEDIUMThemeREX Addons < 2.38.5 - Unauthenticated Arbitrary File UploadEPSS 0.2%CVE-2025-2819MEDIUMUnrestricted FileuploadEPSS 0.2%CVE-2026-32278HIGHConnect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form PluginEPSS 0.2%