Weaknesses of type CWE-434
2,795 resultsCVE-2022-42037CRITICALThe d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdooEPSS 1.2%CVE-2022-41383CRITICALThe d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The bacEPSS 1.2%CVE-2022-42044CRITICALThe d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdooEPSS 1.2%CVE-2022-42039CRITICALThe d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoEPSS 1.2%CVE-2022-41382CRITICALThe d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdooEPSS 1.2%CVE-2022-42038CRITICALThe d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. TheEPSS 1.2%CVE-2025-21624CRITICALClipBucket V5 Playlist Cover File Upload to Remote Code ExecutionEPSS 1.2%CVE-2024-24393CRITICALFile Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request.EPSS 1.2%CVE-2024-10820CRITICALWooCommerce Upload Files <= 84.3 - Unauthenticated Arbitrary File UploadEPSS 1.2%CVE-2024-29515HIGHFile Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP fiEPSS 1.2%CVE-2024-11082CRITICALTumult Hype Animations <= 1.9.15 - Authenticated (Author+) Arbitrary File Upload via hypeanimations_panel FunctionEPSS 1.2%CVE-2021-27428CRITICALGE UR family Unrestricted Upload of File with Dangerous TypeEPSS 1.2%CVE-2021-26642HIGHXpressEngine file upload vulnerabilityEPSS 1.2%CVE-2024-1468HIGHAvada | Website Builder For WordPress & WooCommerce <= 7.11.4 - Authenticated (Contributor+) Arbitrary File UploadEPSS 1.2%CVE-2020-22151—Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests paramEPSS 1.2%CVE-2023-31505HIGHAn arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows remote authenticated attackers to execute arbitrary code and obtain seEPSS 1.2%CVE-2022-47769CRITICALAn arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious fileEPSS 1.2%CVE-2025-6085HIGHMake Connector <= 1.5.10 - Authenticated (Administrator+) Arbitrary File UploadEPSS 1.2%CVE-2024-4809MEDIUMSourceCodester Open Source Clinic Management System setting.php unrestricted uploadEPSS 1.2%CVE-2024-31012CRITICALAn issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive informEPSS 1.2%