Weaknesses of type CWE-434
2,792 resultsCVE-2021-4382HIGHRecently <= 3.0.4 - Arbitrary File Upload to Remote Code ExectutionEPSS 1.6%CVE-2021-21355HIGHUnrestricted File Upload in Form FrameworkEPSS 1.6%CVE-2012-10027CRITICALWordPress Plugin WP-Property <= 1.35.0 PHP File UploadEPSS 1.6%CVE-2024-31351CRITICALWordPress Copymatic plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerabilityEPSS 1.6%CVE-2024-13986HIGHNagios XI < 2024R1.3.2 Authenticated Arbitrary File Upload Path Traversal RCEEPSS 1.6%CVE-2024-9659CRITICALSchool Management <= 91.5.0 - Unauthenticated Arbitrary File UploadEPSS 1.6%CVE-2023-23607CRITICALUnrestricted file upload leads to Remote Code Execution in erohtar/DasherrEPSS 1.6%CVE-2025-7340CRITICALHT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File UploadEPSS 1.6%CVE-2025-67506CRITICALPipesHub Vulnerable to Path Traversal through Unauthenticated Arbitrary File UploadEPSS 1.6%CVE-2024-25414CRITICALAn arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafteEPSS 1.6%CVE-2026-28270MEDIUMKiteworks Core has an Unrestricted Upload of File with Dangerous TypeEPSS 1.6%CVE-2021-21357HIGHBroken Access Control in Form FrameworkEPSS 1.6%CVE-2024-20272HIGHA vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arEPSS 1.6%CVE-2014-125116CRITICALHybridAuth 2.0.9 - 2.2.2 Unauthenticated RCE via install.php Configuration InjectionEPSS 1.6%CVE-2023-0265HIGHUvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application doeEPSS 1.6%CVE-2013-10054CRITICALLibrettoCMS File Manager Arbitrary File UploadEPSS 1.6%CVE-2026-21536CRITICALMicrosoft Devices Pricing Program Remote Code Execution VulnerabilityEPSS 1.6%CVE-2013-10038CRITICALFlashChat Arbitrary File Upload RCEEPSS 1.6%CVE-2020-10621—Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).EPSS 1.6%CVE-2012-10044CRITICALMobileCartly 1.0 savepage.php Arbitrary File CreationEPSS 1.6%