Weaknesses of type CWE-434
2,792 resultsCVE-2023-6449MEDIUMContact Form 7 <= 5.8.3 - Authenticated (Editor+) Arbitrary File UploadEPSS 1.7%CVE-2021-41178HIGHFile Traversal affecting SVG files on Nextcloud ServerEPSS 1.7%CVE-2024-9698HIGHCrafthemes Demo Import <= 3.3 - Authenticated (Admin+) Arbitrary File Upload in process_uploaded_filesEPSS 1.7%CVE-2023-5491MEDIUMByzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform updatelib.php unrestricted uploadEPSS 1.7%CVE-2023-5489MEDIUMByzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform uploadfile.php unrestricted uploadEPSS 1.7%CVE-2023-5490MEDIUMByzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform userattestation.php unrestricted uploadEPSS 1.7%CVE-2023-5493MEDIUMByzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform web.php unrestricted uploadEPSS 1.7%CVE-2021-4225—SP Project & Document Manager < 4.24 - Subscriber+ Shell UploadEPSS 1.7%CVE-2024-1253MEDIUMByzoro Smart S40 Management Platform Import web.php unrestricted uploadEPSS 1.7%CVE-2005-0254LOWBibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remotEPSS 1.7%CVE-2021-24216—All-in-One WP Migration < 7.41 - Admin+ Arbitrary File Upload to RCEEPSS 1.7%CVE-2025-34121CRITICALIdera Up.Time ≤ 7.2 post2file.php Arbitrary File Upload RCEEPSS 1.7%CVE-2023-5636CRITICALMalicious File Upload in ArslanSoft's Education PortalEPSS 1.7%CVE-2021-24252—Event Banner <= 1.3 - Arbitrary File Upload to RCEEPSS 1.7%CVE-2022-1008—One Click Demo Import < 3.1.0 - Admin+ Arbitrary File UploadEPSS 1.7%CVE-2023-26262HIGHAn issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists EPSS 1.7%CVE-2021-39317HIGHAccessPress Themes - Authenticated Malicious File UploadEPSS 1.7%CVE-2021-35002HIGHBMC Track-It! Unrestricted File Upload Remote Code Execution VulnerabilityEPSS 1.7%CVE-2021-24123—PowerPress < 8.3.8 - Authenticated Arbitrary File Upload leading to RCEEPSS 1.6%CVE-2022-27862CRITICALWordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCEEPSS 1.6%