CWE-434 flaws

2,805 results
CVE-2025-29411 | CRITICAL | An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute a | EPSS 0.6%
CVE-2025-6161 | MEDIUM | SourceCodester Simple Food Ordering System editproduct.php unrestricted upload | EPSS 0.6%
CVE-2026-9102 | CRITICAL | Path Traversal in Altium Enterprise Server ComparisonService Allows Arbitrary File Write | EPSS 0.6%
CVE-2024-52490 | CRITICAL | WordPress Pathomation plugin <= 2.5.1 - Arbitrary File Upload vulnerability | EPSS 0.6%
CVE-2025-13069 | HIGH | Enable SVG, WebP, and ICO Upload <= 1.1.3 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass | EPSS 0.6%
CVE-2024-9975 | MEDIUM | SourceCodester Drag and Drop Image Upload upload.php unrestricted upload | EPSS 0.6%
CVE-2024-25802 | CRITICAL | SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Unlike in CVE-2024-25801, the attack payload is the fil | EPSS 0.6%
CVE-2023-43269 | CRITICAL | pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability. | EPSS 0.6%
CVE-2024-28425 | HIGH | greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py. Thi | EPSS 0.6%
CVE-2023-40784 | CRITICAL | DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. | EPSS 0.6%
CVE-2025-0471 | CRITICAL | Unrestricted Upload of File with Dangerous Type vulnerability in PMB platform | EPSS 0.6%
CVE-2024-51792 | CRITICAL | WordPress Audio Record plugin <= 1.0 - Arbitrary File Upload vulnerability | EPSS 0.6%
CVE-2026-35174 | CRITICAL | Chyrp Lite has a Path Traversal to Remote Code Execution | EPSS 0.6%
CVE-2023-53950 | CRITICAL | InnovaStudio WYSIWYG Editor 5.4 Unrestricted File Upload via Filename Manipulation | EPSS 0.6%
CVE-2024-11122 | MEDIUM | 上海灵当信息科技有限公司 Lingdang CRM index.php unrestricted upload | EPSS 0.6%
CVE-2025-0722 | MEDIUM | needyamin image_gallery Cover Image gallery.php unrestricted upload | EPSS 0.6%
CVE-2024-51789 | CRITICAL | WordPress Image Classify plugin <= 1.0.0 - Arbitrary File Upload vulnerability | EPSS 0.6%
CVE-2025-61506 | CRITICAL | An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upl | EPSS 0.6%
CVE-2023-40051 | CRITICAL | Progress Application Server (PAS) for OpenEdge File Upload via Directory Traversal | EPSS 0.6%
CVE-2023-51475 | CRITICAL | WordPress WP MLM Unilevel Plugin <= 4.0 is vulnerable to Arbitrary File Upload | EPSS 0.6%