Weaknesses of type CWE-434

2,786 results
CVE-2020-13671 (HIGH): Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect exten [EPSS 4.3%, KEV]
CVE-2021-34997 (HIGH): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although auth [EPSS 4.2%]
CVE-2021-21014 (CRITICAL): Magento Commerce Arbitrary Folder Empty Could Lead To Arbitrary Code Execution [EPSS 4.2%]
CVE-2026-5718 (HIGH): Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass [EPSS 4.2%]
CVE-2023-52324 (HIGH): An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected in [EPSS 4.1%]
CVE-2023-48777 (CRITICAL): WordPress Elementor plugin 3.3.0-3.18.1 - Arbitrary File Upload vulnerability [EPSS 4.1%]
CVE-2021-39145 (HIGH): XStream is vulnerable to an Arbitrary Code Execution attack [EPSS 4.1%]
CVE-2019-3940: Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use thi [EPSS 4.1%]
CVE-2019-18288: A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with valid authenti [EPSS 4.0%]
CVE-2024-39717 (MEDIUM): The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user log [EPSS 4.0%, KEV]
CVE-2021-24220: All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion [EPSS 3.9%]
CVE-2022-20743 (MEDIUM): Cisco Firepower Management Center File Upload Security Bypass Vulnerability [EPSS 3.9%]
CVE-2021-22698: A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 a [EPSS 3.9%]
CVE-2024-8425 (CRITICAL): WooCommerce Ultimate Gift Card <= 2.9.2 - Unauthenticated Arbitrary File Upload [EPSS 3.9%]
CVE-2025-2749 (HIGH): Kentico Xperience <= 13.0.178 Staging Media File Upload Authenticated RCE [EPSS 3.9%, KEV]
CVE-2024-31777 (CRITICAL): File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.p [EPSS 3.8%]
CVE-2020-6008: LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution [EPSS 3.8%]
CVE-2018-11091 (CRITICAL): An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an [EPSS 3.8%]
CVE-2021-24376: Autoptimize < 2.7.8 - Arbitrary File Upload via "Import Settings" [EPSS 3.7%]
CVE-2023-3049 (CRITICAL): File Upload in TMT's Lockcell [EPSS 3.7%]