Weaknesses of type CWE-434

2,792 results
CVE-2026-32985 [CRITICAL] Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution (EPSS 1.5%)
CVE-2024-28105 [HIGH] phpMyFAQ's File Upload Bypass at Category Image Leads to RCE (EPSS 1.5%)
CVE-2021-4080 [HIGH] Unrestricted Upload of File with Dangerous Type in crater-invoice/crater (EPSS 1.5%)
CVE-2020-26255 [MEDIUM] PHP Phar archives could be uploaded and executed in Kirby (EPSS 1.5%)
CVE-2022-1273 Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE (EPSS 1.5%)
CVE-2023-26578 [HIGH] Arbitrary File Upload to Web Root In IDAttend’s IDWeb Application (EPSS 1.5%)
CVE-2024-27311 [MEDIUM] Arbitrary file writing (EPSS 1.5%)
CVE-2022-1034 [CRITICAL] There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc (EPSS 1.5%)
CVE-2024-51788 [CRITICAL] WordPress The Novel Design Store Directory plugin <= 4.3.0 - Arbitrary File Upload vulnerability (EPSS 1.5%)
CVE-2024-37762 [CRITICAL] MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution. (EPSS 1.5%)
CVE-2024-49668 [CRITICAL] WordPress Verbalize WP plugin <= 1.0 - Arbitrary File Upload vulnerability (EPSS 1.5%)
CVE-2023-3342 [CRITICAL] User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload (EPSS 1.5%)
CVE-2024-43656 [CRITICAL] A backup can be manipulated and then restored to create arbitrary files inside the <redacted> directory. A CGI script can be added to the web directory this way, allowing for full remote code execution. (EPSS 1.5%)
CVE-2022-28700 [CRITICAL] WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Creation via Export function vulnerability (EPSS 1.5%)
CVE-2025-55912 [HIGH] An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photo_uploader.php t (EPSS 1.4%)
CVE-2023-6316 [CRITICAL] MW WP Form <= 5.0.1 - Unauthenticated Arbitrary File Upload (EPSS 1.4%)
CVE-2026-26975 [HIGH] Music Assistant Server Path Traversal in Playlist Update API Allows Remote Code Execution (EPSS 1.4%)
CVE-2024-4345 [CRITICAL] Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Upload (EPSS 1.4%)
CVE-2021-24663 Simple School Staff Directory <= 1.1 - Admin+ Arbitrary File Upload (EPSS 1.4%)
CVE-2023-48031 [CRITICAL] OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass secur (EPSS 1.4%)