Weaknesses of type CWE-434
2,809 resultsCVE-2025-3324MEDIUMgodcheese/code-projects Nimrod FileRestController.java unrestricted uploadEPSS 0.5%CVE-2025-3565MEDIUMhuanfenz/code-projects StudentManager Announcement Management Section uploadArticle.do unrestricted uploadEPSS 0.5%CVE-2014-0468CRITICALVulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that
the users would have uploadEPSS 0.5%CVE-2025-54447HIGHUnrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affEPSS 0.5%CVE-2025-23171HIGHThe Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly EPSS 0.5%CVE-2025-39401CRITICALWordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2022-2746MEDIUMSourceCodester Simple Online Book Store System Admin_ add.php unrestricted uploadEPSS 0.5%CVE-2025-46068HIGHAn issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanismEPSS 0.5%CVE-2023-40731MEDIUMA vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application allows users to upload arbitrary filEPSS 0.5%CVE-2025-22723CRITICALWordPress Barcode Scanner and Inventory manager plugin <= 1.6.7 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2024-9504HIGHBooking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File UploadEPSS 0.5%CVE-2022-42443LOWTrusteer for mobile file uploadEPSS 0.5%CVE-2024-53982HIGHArbitrary file download in Zoo-Project Echo ExampleEPSS 0.5%CVE-2024-41454MEDIUMAn arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackersEPSS 0.5%CVE-2025-59710HIGHAn issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. EPSS 0.5%CVE-2023-28814CRITICALSome versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of EPSS 0.5%CVE-2023-30791HIGHPlane 0.7.1 - Insecure file uploadEPSS 0.5%CVE-2023-3796MEDIUMBug Finder Foody Friend Profile Picture profile unrestricted uploadEPSS 0.5%CVE-2025-6327CRITICALWordPress King Addons for Elementor plugin <= 51.1.36 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2025-6843MEDIUMcode-projects Simple Photo Gallery upload-photo.php unrestricted uploadEPSS 0.5%