Weaknesses of type CWE-434

2,820 results
CVE-2025-13249MEDIUMJiusi OA OfficeServer unrestricted uploadEPSS 0.2%CVE-2026-11333MEDIUMtittuvarghese CollegeManagementSystem Student Data Upload Endpoint upload_student_data.php unrestricted uploadEPSS 0.2%CVE-2026-14775MEDIUMSourceCodester Onlne Examination & Learning Management System process_lesson.php unrestricted uploadEPSS 0.2%CVE-2026-14777MEDIUMSourceCodester Onlne Examination & Learning Management System announcements.php unrestricted uploadEPSS 0.2%CVE-2025-62802MEDIUMDNN CKEditor Provider allows unauthenticated upload out-of-the-boxEPSS 0.2%CVE-2023-26098HIGHAn issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbEPSS 0.2%CVE-2026-28800MEDIUMNatro Macro: Malicious actions allowed through Discord RC Commands by any userEPSS 0.2%CVE-2026-28133HIGHWordPress Filr plugin <= 1.2.14 - Arbitrary File Upload vulnerabilityEPSS 0.2%CVE-2024-41340HIGHAn issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862EPSS 0.2%CVE-2025-54757MEDIUMMultiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded byEPSS 0.2%CVE-2026-27605MEDIUMChartbrew: Stored Cross-Site Scripting (XSS) via File Upload APIEPSS 0.2%CVE-2025-12048HIGHAn arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allowEPSS 0.2%CVE-2026-6211HIGHArbitrary File Upload in Global IT's WEOLLEPSS 0.2%CVE-2026-10807MEDIUMmjperpinosa stumasy change_profile_image.php unrestricted uploadEPSS 0.2%CVE-2026-10806MEDIUMmjperpinosa stumasy add_post.php unrestricted uploadEPSS 0.2%CVE-2025-13949MEDIUMProudMuBai GoFilm FileController.go SingleUpload unrestricted uploadEPSS 0.2%CVE-2026-14698MEDIUMSourceCodester Syllabus-Aligned Learning Management and Examination System upload_files.php unrestricted uploadEPSS 0.2%CVE-2026-6835MEDIUMaEnrich|a+HCM - Arbitrary File UploadEPSS 0.2%CVE-2025-14632MEDIUMFilr – Secure document library <= 1.2.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via HTML UploadEPSS 0.2%CVE-2026-10172MEDIUMBdtask Multi-Store Inventory Management System Component Module.php upload unrestricted uploadEPSS 0.2%