Weaknesses of type CWE-434

2,786 results
| CVE | Severity | Title | EPSS | KEV |
| --- | --- | --- | --- | --- |
| CVE-2021-39352 | HIGH | Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload | 56.6% | |
| CVE-2024-24809 | HIGH | Traccar vulnerable to Path Traversal: 'dir/../../filename' and Unrestricted Upload of File with Dangerous Type | 54.4% | |
| CVE-2026-0740 | CRITICAL | Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload | 54.3% | |
| CVE-2023-6187 | HIGH | Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload | 51.5% | |
| CVE-2024-5084 | CRITICAL | Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution | 50.9% | |
| CVE-2025-26319 | CRITICAL | FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments. | 50.8% | |
| CVE-2025-61678 | HIGH | FreePBX Endpoint Manager vulnerable to authenticated arbitrary file upload via fwbrand parameter | 50.2% | |
| CVE-2026-2701 | CRITICAL | RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC) | 48.8% | |
| CVE-2021-24370 | | Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE | 47.1% | |
| CVE-2024-44849 | CRITICAL | Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php. | 46.3% | |
| CVE-2024-48760 | CRITICAL | An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malic | 45.1% | |
| CVE-2025-64095 | CRITICAL | DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite | 44.7% | |
| CVE-2022-3552 | HIGH | Unrestricted Upload of File with Dangerous Type in boxbilling/boxbilling | 44.0% | |
| CVE-2024-0939 | MEDIUM | Byzoro Smart S210 Management Platform uploadfile.php unrestricted upload | 43.8% | |
| CVE-2024-42640 | CRITICAL | angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerabi | 43.7% | |
| CVE-2021-24284 | | Kaswara Modern VC Addons <= 3.0.1 - Unauthenticated Arbitrary File Upload | 42.1% | |
| CVE-2021-27860 | CRITICAL | Arbitrary file upload vulnerability in FatPipe software | 39.8% | KEV |
| CVE-2022-0888 | CRITICAL | Ninja Forms - File Uploads Extension <= 3.3.0 - Arbitrary File Upload | 39.4% | |
| CVE-2021-26828 | HIGH | OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP f | 39.4% | KEV |
| CVE-2022-46020 | CRITICAL | WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. | 39.0% | |