Weaknesses of type CWE-434

2,795 results
CVE-2022-50939 (HIGH) e107 CMS v3.2.1 - Upload Restriction Bypass with Path Traversal File Override [EPSS 1.1%]
CVE-2022-36386 (CRITICAL) WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability [EPSS 1.1%]
CVE-2021-3745 (HIGH) Unrestricted Upload of File with Dangerous Type in flatcore/flatcore-cms [EPSS 1.1%]
CVE-2019-6839 A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6 [EPSS 1.1%]
CVE-2024-42676 (HIGH) File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary cod [EPSS 1.1%]
CVE-2023-42017 (HIGH) IBM Planning Analytics file upload [EPSS 1.1%]
CVE-2022-42971 (CRITICAL) A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker upl [EPSS 1.1%]
CVE-2023-24646 (CRITICAL) An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitra [EPSS 1.1%]
CVE-2022-2418 (HIGH) URVE Web Manager img_upload.php unrestricted upload [EPSS 1.1%]
CVE-2024-7770 (HIGH) Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload [EPSS 1.1%]
CVE-2021-33698 (CRITICAL) SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the pr [EPSS 1.1%]
CVE-2012-10045 (CRITICAL) XODA 0.4.5 Arbitrary PHP File Upload [EPSS 1.1%]
CVE-2012-10049 (CRITICAL) WebPageTest Arbitrary PHP File Upload RCE [EPSS 1.1%]
CVE-2021-39222 (MEDIUM) XSS in Talk [EPSS 1.1%]
CVE-2024-3437 (MEDIUM) SourceCodester Prison Management System Avatar add-admin.php unrestricted upload [EPSS 1.1%]
CVE-2023-31576 (HIGH) An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript [EPSS 1.1%]
CVE-2025-0357 (CRITICAL) WPBookit <= 1.6.9 - Unauthenticated Arbitrary File Upload [EPSS 1.1%]
CVE-2026-5364 (HIGH) Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass [EPSS 1.1%]
CVE-2024-22824 (CRITICAL) An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java compo [EPSS 1.1%]
CVE-2022-39305 (CRITICAL) Gin-vue-admin vulnerable to Unrestricted Upload of File with Dangerous Type [EPSS 1.1%]