Weaknesses of type CWE-434

2,799 results
CVE-2026-32756 | HIGH | Admidio: Unrestricted File Upload via CSRF Token Validation Bypass in Documents & Files Module | EPSS 1.0%
CVE-2022-40924 | HIGH | Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" | EPSS 1.0%
CVE-2023-26968 | CRITICAL | In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload. | EPSS 1.0%
CVE-2022-45476 | CRITICAL | Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download | EPSS 1.0%
CVE-2022-43146 | HIGH | An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary | EPSS 1.0%
CVE-2022-34154 | HIGH | WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability | EPSS 1.0%
CVE-2022-42198 | HIGH | In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. | EPSS 1.0%
CVE-2026-6555 | CRITICAL | ProSolution WP Client <= 2.0.0 - Unauthenticated Arbitrary File Upload via 'files' | EPSS 1.0%
CVE-2025-0520 | CRITICAL | ShowDoc < 2.8.7 Unauthenticated File Upload Remote Code Execution | EPSS 1.0%
CVE-2024-4681 | MEDIUM | Campcodes Legal Case Management System Setting general-setting unrestricted upload | EPSS 1.0%
CVE-2025-11499 | CRITICAL | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload | EPSS 1.0%
CVE-2021-27280 | HIGH | OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected. | EPSS 1.0%
CVE-2022-42201 | HIGH | Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload. | EPSS 1.0%
CVE-2014-125113 | CRITICAL | Dell/Quest KACE K1000 Unauthenticated File Upload RCE | EPSS 1.0%
CVE-2022-45968 | HIGH | Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protec | EPSS 1.0%
CVE-2023-6902 | MEDIUM | codelyfe Stupid Simple CMS upload.php unrestricted upload | EPSS 1.0%
CVE-2022-43306 | HIGH | The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code e | EPSS 1.0%
CVE-2023-1731 | HIGH | Improper Input Validation in Meinberg LTOS | EPSS 1.0%
CVE-2024-6315 | HIGH | Blox Page Builder <= 1.0.65 - Authenticated (Contributor+) Arbitrary File Upload | EPSS 1.0%
CVE-2023-53952 | HIGH | Dotclear 2.25.3 Authenticated Remote Code Execution via File Upload | EPSS 1.0%