Weaknesses of type CWE-434

2,792 results
CVE-2023-4223 | HIGH | Chamilo LMS File Upload Functionality Remote Code Execution | EPSS 1.8%
CVE-2023-4224 | HIGH | Chamilo LMS File Upload Functionality Remote Code Execution | EPSS 1.8%
CVE-2025-4403 | CRITICAL | Drag and Drop Multiple File Upload for WooCommerce <= 1.1.6 - Unauthenticated Arbitrary File Upload via upload Function | EPSS 1.8%
CVE-2020-36706 | CRITICAL | Simple:Press – WordPress Forum Plugin <= 6.6.0 - Arbitrary File Upload | EPSS 1.8%
CVE-2021-4354 | HIGH | PWA for WP & AMP <= 1.7.32 - Arbitrary File Upload | EPSS 1.8%
CVE-2017-16736 | An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a rem | EPSS 1.8%
CVE-2022-41705 | CRITICAL | Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because th | EPSS 1.8%
CVE-2019-1010062 | PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The compone | EPSS 1.8%
CVE-2024-7694 | HIGH | TeamT5 ThreatSonar Anti-Ransomware - Arbitrary File Upload | EPSS 1.8% | KEV
CVE-2024-51793 | CRITICAL | WordPress RepairBuddy plugin <= 3.8115 - Arbitrary File Upload vulnerability | EPSS 1.8%
CVE-2023-5822 | HIGH | Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload | EPSS 1.8%
CVE-2020-26295 | HIGH | CMS Editor code execution | EPSS 1.8%
CVE-2023-28731 | CRITICAL | Unauthenticated RCE affecting the AcyMailing plugin for Joomla | EPSS 1.8%
CVE-2023-31541 | CRITICAL | An unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, | EPSS 1.8%
CVE-2021-24311 | External Media < 1.0.34 - Authenticated Arbitrary File Upload | EPSS 1.8%
CVE-2022-40037 | CRITICAL | An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component | EPSS 1.8%
CVE-2021-27459 | A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allo | EPSS 1.8%
CVE-2022-45771 | HIGH | An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a cr | EPSS 1.8%
CVE-2020-14488 | HIGH | OpenClinic GA | EPSS 1.7%
CVE-2021-29092 | HIGH | Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allo | EPSS 1.7%