Weaknesses of type CWE-434

2,795 results
CVE-2023-22726 | HIGH | Unrestricted file upload leading to privilege escalation in act | EPSS 1.3%
CVE-2023-35808 | HIGH | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been iden | EPSS 1.3%
CVE-2024-0783 | MEDIUM | Project Worlds Online Admission System documents.php unrestricted upload | EPSS 1.2%
CVE-2024-9920 | MEDIUM | Unrestricted File Upload and Execution in parisneo/lollms-webui | EPSS 1.2%
CVE-2019-17325 | ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to upload arbitrary local file via the ActiveX method in RexViewerCtrl | EPSS 1.2%
CVE-2025-3455 | HIGH | 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload | EPSS 1.2%
CVE-2024-3521 | MEDIUM | Byzoro Smart S80 Management Platform userattestation.php unrestricted upload | EPSS 1.2%
CVE-2024-29387 | HIGH | projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php. | EPSS 1.2%
CVE-2024-28441 | CRITICAL | File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the mess | EPSS 1.2%
CVE-2022-0403 | Library File Manager < 5.2.3 - Subscriber+ Arbitrary File Creation/Upload/Deletion | EPSS 1.2%
CVE-2023-6219 | HIGH | BookingPress <= 1.0.76 - Authenticated (Administrator+) Arbitrary File Upload | EPSS 1.2%
CVE-2023-1713 | HIGH | Bitrix24 Remote Command Execution (RCE) via Insecure Temporary File Creation | EPSS 1.2%
CVE-2022-40407 | HIGH | A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file. | EPSS 1.2%
CVE-2024-34555 | CRITICAL | WordPress Z-Downloads plugin <= 1.11.3 - Auth. Arbitrary File Upload vulnerability | EPSS 1.2%
CVE-2021-26634 | CRITICAL | Maxboard multiple vulnerabilities | EPSS 1.2%
CVE-2023-28409 | CRITICAL | Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated a | EPSS 1.2%
CVE-2022-22375 | HIGH | IBM Security Verify Privilege command execution | EPSS 1.2%
CVE-2025-3444 | MEDIUM | Local File Inclusion | EPSS 1.2%
CVE-2024-1069 | HIGH | Contact Form Entries <= 1.3.2 - Authenticated (Administrator+) Arbitrary File Upload | EPSS 1.2%
CVE-2020-20588 | HIGH | File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code | EPSS 1.2%