CWE-434 vulnerabilities

2,786 results
CVE-2023-32562 | MEDIUM | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker t | EPSS 38.4%
CVE-2022-4732 | MEDIUM | Unrestricted Upload of File with Dangerous Type in microweber/microweber | EPSS 38.2%
CVE-2022-47878 | CRITICAL | Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify | EPSS 38.1%
CVE-2024-9932 | CRITICAL | Wux Blog Editor <= 3.0.0 - Unauthenticated Arbitrary File Upload | EPSS 37.8%
CVE-2025-7441 | CRITICAL | StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload | EPSS 37.3%
CVE-2021-32955 | Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. | EPSS 37.3%
CVE-2026-3844 | CRITICAL | Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote | EPSS 36.5%
CVE-2024-6220 | CRITICAL | 简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload | EPSS 35.7%
CVE-2023-5145 | MEDIUM | D-Link DAR-7000 licence.php unrestricted upload | EPSS 34.3%
CVE-2022-48194 | HIGH | TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS | EPSS 33.5%
CVE-2023-5146 | MEDIUM | D-Link DAR-7000/DAR-8000 updatelib.php unrestricted upload | EPSS 32.9%
CVE-2023-2523 | HIGH | Weaver E-Office unrestricted upload | EPSS 32.9%
CVE-2026-1357 | CRITICAL | Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload | EPSS 32.7%
CVE-2025-6440 | CRITICAL | WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload | EPSS 31.8%
CVE-2026-28289 | CRITICAL | FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution | EPSS 31.1%
CVE-2023-5148 | MEDIUM | D-Link DAR-7000/DAR-8000 uploadfile.php unrestricted upload | EPSS 30.7%
CVE-2024-57968 | CRITICAL | Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible | EPSS 30.3% | KEV
CVE-2023-50564 | HIGH | An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary | EPSS 29.1%
CVE-2023-2648 | MEDIUM | Weaver E-Office uploadify.php unrestricted upload | EPSS 28.5%
CVE-2018-4063 | HIGH | An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A speci | EPSS 28.1% | KEV