CWE-434 vulnerabilities
2,805 results

CVE-2025-8120 [CRITICAL] Remote Code Execution via Unrestricted File Upload in PAD CMS [EPSS 0.5%]
CVE-2025-57794 [CRITICAL] Unrestricted File Upload Vulnerability in Explorance Blue [EPSS 0.5%]
CVE-2026-11419 [CRITICAL] Path Traversal in Altium Enterprise Server Vault UploadController Allows Arbitrary File Write [EPSS 0.5%]
CVE-2024-32809 [CRITICAL] WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability [EPSS 0.5%]
CVE-2024-8164 [MEDIUM] Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload [EPSS 0.5%]
CVE-2024-45076 [CRITICAL] IBM webMethods Integration code execution [EPSS 0.5%]
CVE-2025-7917 [HIGH] Simopro Technology|WinMatrix3 Web package - Arbitrary File Upload [EPSS 0.5%]
CVE-2024-8940 [CRITICAL] Unrestricted Upload of File with Dangerous Type vulnerability on Scriptcase [EPSS 0.5%]
CVE-2024-56829 [CRITICAL] Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the [EPSS 0.5%]
CVE-2025-61417 [HIGH] Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a [EPSS 0.5%]
CVE-2025-4413 [HIGH] Pixabay Images <= 3.4 - Authenticated (Author+) Arbitrary File Upload [EPSS 0.5%]
CVE-2024-53619 [MEDIUM] An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via u [EPSS 0.5%]
CVE-2026-1565 [HIGH] User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Authenticated (Author+) Arbitrary File Upload [EPSS 0.5%]
CVE-2022-2872 [LOW] Unrestricted Upload of File with Dangerous Type in octoprint/octoprint [EPSS 0.5%]
CVE-2025-10907 [HIGH] Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution [EPSS 0.5%]
CVE-2025-29009 [CRITICAL] WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability [EPSS 0.5%]
CVE-2025-13689 [HIGH] DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment [EPSS 0.5%]
CVE-2026-5524 [CRITICAL] Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter [EPSS 0.5%]
CVE-2026-0911 [HIGH] Hustle <= 7.8.9.2 - Authenticated (Subscriber+) Arbitrary File Upload via Module Import [EPSS 0.5%]
CVE-2025-3123 [MEDIUM] WonderCMS Theme Installation/Plugin Installation installUpdateModuleAction unrestricted upload [EPSS 0.5%]