Weaknesses of type CWE-434

2,799 results
CVE-2024-40125 [CRITICAL] An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execu (EPSS 0.9%)
CVE-2023-2424 [MEDIUM] DedeCMS config.php UpDateMemberModCache unrestricted upload (EPSS 0.9%)
CVE-2025-10147 [CRITICAL] Podlove Podcast Publisher <= 4.2.6 - Unauthenticated Arbitrary File Upload (EPSS 0.9%)
CVE-2024-36415 [CRITICAL] SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution (EPSS 0.9%)
CVE-2023-41506 [CRITICAL] An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attack (EPSS 0.9%)
CVE-2024-13448 [CRITICAL] ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data (EPSS 0.9%)
CVE-2024-37847 [CRITICAL] An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a c (EPSS 0.9%)
CVE-2024-13333 [HIGH] Advanced File Manager 5.2.12 - 5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload (EPSS 0.9%)
CVE-2025-10041 [CRITICAL] Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload (EPSS 0.9%)
CVE-2023-39970 Extension - acymailing.com - RCE in AcyMailing component for Joomla 6.7.0-8.5.0 (EPSS 0.9%)
CVE-2015-0796 [MEDIUM] open build service source server symlink exploitation via source patch (EPSS 0.9%)
CVE-2023-0783 [MEDIUM] EcShop PHP File template.php unrestricted upload (EPSS 0.9%)
CVE-2021-38397 [CRITICAL] Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type (EPSS 0.9%)
CVE-2024-4966 [MEDIUM] SourceCodester SchoolWebTech home.php unrestricted upload (EPSS 0.9%)
CVE-2024-48454 [HIGH] An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user (EPSS 0.9%)
CVE-2024-6084 [MEDIUM] itsourcecode Pool of Bethesda Online Reservation System uploadImage unrestricted upload (EPSS 0.9%)
CVE-2023-53933 [HIGH] Serendipity 2.4.0 Authenticated Remote Code Execution via File Upload (EPSS 0.9%)
CVE-2023-1797 [MEDIUM] OTCMS unrestricted upload (EPSS 0.9%)
CVE-2023-1479 [MEDIUM] SourceCodester Simple Music Player save_music.php unrestricted upload (EPSS 0.9%)
CVE-2024-13714 [HIGH] All-Images.ai – IA Image Bank and Custom Image creation <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload (EPSS 0.9%)