Weaknesses of type CWE-434
2,795 resultsCVE-2023-22851HIGHTiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.EPSS 1.0%CVE-2022-41406HIGHAn arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arEPSS 1.0%CVE-2022-2420HIGHURVE Web Manager uploader.php unrestricted uploadEPSS 1.0%CVE-2024-2690MEDIUMSourceCodester Online Discussion Forum Site uupdate.php unrestricted uploadEPSS 1.0%CVE-2024-37868HIGHFile Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "EPSS 1.0%CVE-2024-37869HIGHFile Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "EPSS 1.0%CVE-2025-9846CRITICALUnrestricted File Upload in TaletSys Inka.NetEPSS 1.0%CVE-2022-41539HIGHWedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerabilEPSS 1.0%CVE-2021-38471CRITICALAUVESY VersiondogEPSS 1.0%CVE-2017-20224CRITICALTelesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File UploadEPSS 1.0%CVE-2024-4349HIGHSourceCodester Pisay Online E-Learning System controller.php unrestricted uploadEPSS 1.0%CVE-2022-41504HIGHAn arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to EPSS 1.0%CVE-2022-45009HIGHOnline Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettingsEPSS 1.0%CVE-2022-45039HIGHAn arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a craEPSS 1.0%CVE-2023-23135HIGHAn arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file.EPSS 1.0%CVE-2024-0800HIGHAuthentication Bypass via wizardLogin in Arcserve Unified Data ProtectionEPSS 1.0%CVE-2024-50493CRITICALWordPress Automatic Translation plugin <= 1.0.4 - Arbitrary File Upload vulnerabilityEPSS 1.0%CVE-2024-50482CRITICALWordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Upload vulnerabilityEPSS 1.0%CVE-2024-50473CRITICALWordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerabilityEPSS 1.0%CVE-2023-29268CRITICALTIBCO Spotfire Statistics Services Unrestricted File Upload VulnerabilityEPSS 1.0%