Weaknesses of type CWE-434

2,819 results
CVE-2025-24489MEDIUMINFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous TypeEPSS 0.3%CVE-2026-36387MEDIUMA Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affecEPSS 0.3%CVE-2025-26497HIGHUnrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows AbEPSS 0.3%CVE-2025-26498HIGHUnrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo mEPSS 0.3%CVE-2025-27411MEDIUMREDAXO allows Arbitrary File Upload in the mediapool pageEPSS 0.3%CVE-2025-10741MEDIUMSelleo Mentingo Profile Picture unrestricted uploadEPSS 0.3%CVE-2025-11655MEDIUMTotal.js Flow SVG File unrestricted uploadEPSS 0.3%CVE-2025-66837MEDIUMA file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/MalwareEPSS 0.3%CVE-2025-13275MEDIUMIqbolshoh php-business-website about.php unrestricted uploadEPSS 0.3%CVE-2025-50897MEDIUMA vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translationsEPSS 0.3%CVE-2026-53909MEDIUMArbitrary File Upload in MCOEPSS 0.2%CVE-2024-42180LOWHCL MyXalytics is affected by a malicious file upload vulnerabilityEPSS 0.2%CVE-2025-62182MEDIUMPega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by a Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file.EPSS 0.2%CVE-2025-52449HIGHUnrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service moEPSS 0.2%CVE-2025-67707MEDIUMUnvalidated File Upload vulnerability in ArcGIS Server.EPSS 0.2%CVE-2025-70849MEDIUMArbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /storEPSS 0.2%CVE-2026-45089HIGHDalfox: Unauthenticated Arbitrary File Create/Append via `output` Option in Dalfox Server ModeEPSS 0.2%CVE-2025-1500MEDIUMIBM Maximo Application Suite file uploadEPSS 0.2%CVE-2025-7487MEDIUMJoeyBling SpringBoot_MyBatisPlus upload SysFileController unrestricted uploadEPSS 0.2%CVE-2019-25626HIGHRiver Past Cam Do 3.7.6 Local Buffer Overflow in Activation CodeEPSS 0.2%