CWE-434 vulnerabilities

2,786 results
CVE-2022-1565 (HIGH, EPSS 11.3%): Import any XML or CSV File to WordPress <= 3.6.7 - Admin+ Malicious File Upload
CVE-2025-53119 (HIGH, EPSS 11.0%): Securden Unified PAM Unauthenticated Unrestricted File Upload
CVE-2020-15645 (HIGH, EPSS 10.7%): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Althoug
CVE-2021-43258 (HIGH, EPSS 10.5%): CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated acc
CVE-2024-6127 (CRITICAL, EPSS 10.3%): BC Security Empire Path Traversal RCE
CVE-2025-61687 (HIGH, EPSS 10.2%): FlowiseAI/Flosise has File Upload vulnerability
CVE-2016-15043 (CRITICAL, EPSS 10.0%): WP Mobile Detector <= 3.5 - Arbitrary File Upload
CVE-2025-34077 (CRITICAL, EPSS 9.9%): WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE
CVE-2023-38098 (HIGH, EPSS 9.8%): NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability
CVE-2024-7074 (MEDIUM, EPSS 9.8%): Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution
CVE-2020-8866 (MEDIUM, EPSS 9.6%): This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Au
CVE-2024-29272 (MEDIUM, EPSS 9.4%): Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and o
CVE-2025-50286 (HIGH, EPSS 8.7%): A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/to
CVE-2022-46604 (HIGH, EPSS 8.6%): An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a craft
CVE-2025-34511 (HIGH, EPSS 8.5%): Sitecore PowerShell Extension RCE via Unrestricted Upload
CVE-2025-61808 (CRITICAL, EPSS 8.5%): ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)
CVE-2021-24160 (EPSS 8.4%): Responsive Menu 4.0.0 - 4.0.3 - Authenticated Arbitrary File Upload
CVE-2021-27274 (CRITICAL, EPSS 8.2%): This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System
CVE-2021-24212 (EPSS 7.9%): WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE
CVE-2021-22937 (EPSS 7.8%): A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously c