Weaknesses of type CWE-434

2,792 results
CVE-2022-0687: Amelia < 1.0.46 - Manager+ RCE (EPSS 1.4%)
CVE-2013-10066 [CRITICAL]: Kordil EDMS v2.2.60rc3 Unauthenticated Arbitrary File Upload (EPSS 1.4%)
CVE-2022-42189 [HIGH]: Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. (EPSS 1.4%)
CVE-2024-43657 [CRITICAL]: When uploading new firmware, a shell script inside a firmware file is executed during its processing. This can be used to craft a custom firmware file with a custom script with arbitrary code, which will then be executed on the charging station. (EPSS 1.4%)
CVE-2021-25119: AGIL <= 1.0 - Admin+ Arbitrary File Upload (EPSS 1.4%)
CVE-2022-1409: VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ PHP File Upload (EPSS 1.4%)
CVE-2024-8525 [CRITICAL]: Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload (EPSS 1.4%)
CVE-2022-25277 [HIGH]: Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots fro (EPSS 1.4%)
CVE-2023-1728 [CRITICAL]: Unrestricted Upload of File with Dangerous Type in Fernus LMS (EPSS 1.4%)
CVE-2022-0440: Catch Themes Demo Import < 2.1.1 - Admin+ Remote Code Execution (EPSS 1.4%)
CVE-2020-26286 [HIGH]: Arbitrary file upload (EPSS 1.4%)
CVE-2022-0242 [HIGH]: Unrestricted Upload of File with Dangerous Type in crater-invoice/crater (EPSS 1.4%)
CVE-1999-0036 [HIGH]: IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files. (EPSS 1.4%)
CVE-2023-33508 [CRITICAL]: KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE). (EPSS 1.4%)
CVE-2024-22426 [HIGH]: Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker cou (EPSS 1.4%)
CVE-2023-6220 [HIGH]: Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload (EPSS 1.4%)
CVE-2022-1939: Allow SVG Files < 1.1 - Admin+ Arbitrary File Upload (EPSS 1.4%)
CVE-2024-54262 [CRITICAL]: WordPress Import Export For WooCommerce plugin <= 1.6.2 - Arbitrary File Upload vulnerability (EPSS 1.4%)
CVE-2025-66480 [CRITICAL]: Wildfire has Arbitrary File Upload via Directory Traversal in UploadFileAction (EPSS 1.4%)
CVE-2012-10038 [CRITICAL]: Auxilium RateMyPet Arbitrary File Upload RCE (EPSS 1.4%)