Weaknesses of type CWE-434
2,795 results

CVE | Severity | Description | EPSS
CVE-2021-33009 | HIGH | mySCADA myPRO Unrestricted Upload of File with Dangerous Type | 1.1%
CVE-2022-31366 | HIGH | An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execu | 1.1%
CVE-2025-4336 | HIGH | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file() | 1.1%
CVE-2025-55835 | CRITICAL | File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code via the lack of filtering. | 1.1%
CVE-2022-38877 | HIGH | Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1. | 1.1%
CVE-2023-47129 | HIGH | Statamic CMS remote code execution via front-end form uploads | 1.1%
CVE-2010-1433 | — | Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-su | 1.1%
CVE-2020-19802 | CRITICAL | File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type paramete | 1.1%
CVE-2023-25132 | CRITICAL | Unrestricted upload of file with dangerous type vulnerability in CyberPower PowerPanel Business | 1.1%
CVE-2020-36842 | HIGH | Migration, Backup, Staging – WPvivid <= 0.9.35 - Authenticated (Subscriber+) Arbitrary File Upload | 1.1%
CVE-2024-5441 | HIGH | Modern Events Calendar <= 7.11.0 - Authenticated (Subscriber+) Arbitrary File Upload | 1.1%
CVE-2024-33438 | HIGH | File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file. | 1.1%
CVE-2024-22060 | HIGH | An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user t | 1.1%
CVE-2025-0394 | HIGH | Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function | 1.1%
CVE-2024-47946 | HIGH | OS Command Execution through Arbitrary File Upload | 1.1%
CVE-2022-0263 | MEDIUM | Unrestricted Upload of File with Dangerous Type in pimcore/pimcore | 1.1%
CVE-2024-8066 | HIGH | File Manager Pro – Filester <= 1.8.6 - Authenticated (Subscriber+) Arbitrary File Upload | 1.1%
CVE-2024-22641 | HIGH | TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. | 1.1%
CVE-2022-3125 | — | Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload | 1.1%
CVE-2023-33569 | HIGH | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user. | 1.1%