Weaknesses of type CWE-434
2,821 resultsCVE-2026-27146HIGHGetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary UploadsEPSS 0.2%CVE-2025-51736MEDIUMFile upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.EPSS 0.2%CVE-2024-28520MEDIUMFile Upload vulnerability in Byzoro Networks Smart multi-service security gateway intelligent management platform version S210, allows an atEPSS 0.2%CVE-2024-47151MEDIUMSome Honor products are affected by file writing vulnerability, successful exploitation could cause code executionEPSS 0.2%CVE-2023-31428MEDIUMCLI allows upload or transfer files of dangerous typesEPSS 0.2%CVE-2026-48946MEDIUMJoomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26EPSS 0.2%CVE-2025-13462LOWtarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handlingEPSS 0.2%CVE-2025-48953MEDIUMUmbraco Vulnerable to By-Pass of Configured Allowed Extensions for File UploadsEPSS 0.2%CVE-2025-47939MEDIUMTYPO3 CMS Vulnerable to Unrestricted File Upload in File Abstraction LayerEPSS 0.2%CVE-2025-24815HIGHAn unrestricted file upload vulnerability in Nokia MantaRay NMEPSS 0.2%CVE-2026-30280MEDIUMAn arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to ovEPSS 0.1%CVE-2026-3219MEDIUMpip doesn't reject concatenated ZIP and tar archivesEPSS 0.1%CVE-2019-25616MEDIUMAnMing MP3 CD Burner 2.0 Local Denial of ServiceEPSS 0.1%CVE-2026-53948MEDIUMGhost: File Upload Content-Type SpoofingEPSS 0.1%CVE-2025-15067HIGHUnrestricted File Upload and RCE in Innorix WPEPSS 0.1%CVE-2026-9157HIGHRemote Code Execution in Gmission Web FAXEPSS 0.1%CVE-2026-14489HIGHWHMCS Bridge <= 6.9 - Unauthenticated Arbitrary File Upload via 'ccce' ParameterEPSS —CVE-2026-23698HIGHVtiger CRM 8.4.0 Authenticated RCE via Module Import File UploadEPSS —CVE-2026-23697HIGHVtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents ModuleEPSS —CVE-2026-14158HIGHWidget Logic Visual <= 1.52 - Authenticated (Subscriber+) Remote Code Execution via 'nwlv[cod-tag]' ParameterEPSS —