Weaknesses of type CWE-434
2,792 resultsCVE-2021-28173CRITICALVangene deltaFlow E-platform - Arbitrary File UploadEPSS 1.6%CVE-2021-24248—Business Directory Plugin < 5.11.1 - Authenticated PHP4 Upload to RCEEPSS 1.6%CVE-2025-32028CRITICALHAX CMS PHP allows Insecure File Upload to Lead to Remote Code ExecutionEPSS 1.6%CVE-2023-6574MEDIUMByzoro Smart S20 HTTP POST Request updateos.php unrestricted uploadEPSS 1.6%CVE-2022-36066CRITICALDiscourse vulnerable to RCE via admins uploading maliciously zipped fileEPSS 1.6%CVE-2025-59118HIGHApache OFBiz: Critical Remote Command Execution via Unrestricted File UploadEPSS 1.6%CVE-2023-25828HIGHAuthenticate Remote Code Execution in Pluck CMSEPSS 1.6%CVE-2024-3022HIGHBookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File UploadEPSS 1.6%CVE-2021-32630CRITICALVariousEPSS 1.6%CVE-2024-4033HIGHAll-in-One Video Gallery <= 3.6.4 - Authenticated (Contributor+) Arbitrary File Upload via featured imageEPSS 1.6%CVE-2022-41711CRITICALBadaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because thEPSS 1.6%CVE-2015-1784—In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the weEPSS 1.6%CVE-2023-6635HIGHEditorsKit <= 1.40.3 - Authenticated (Administrator+) Arbitrary File UploadEPSS 1.6%CVE-2022-34965HIGHOpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /EPSS 1.5%CVE-2025-5243CRITICALArbitrary File Upload in SMG Software's Information PortalEPSS 1.5%CVE-2024-28713CRITICALAn issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature.EPSS 1.5%CVE-2024-52380CRITICALWordPress Picsmize plugin <= 1.0.0 - Arbitrary File Upload vulnerabilityEPSS 1.5%CVE-2023-25654CRITICALbaserCMS File Uploader Remote Code Execution (RCE) vulnerabilityEPSS 1.5%CVE-2020-36701HIGHPage Builder: KingComposer < 2.9.4 - Arbitrary File UploadEPSS 1.5%CVE-2018-25019—LearnDash < 2.5.4 - Unauthenticated Arbitrary File UploadEPSS 1.5%