Weaknesses of type CWE-434
2,799 resultsCVE-2023-1797MEDIUMOTCMS unrestricted uploadEPSS 0.9%CVE-2021-23280HIGHArbitrary File uploadEPSS 0.9%CVE-2022-45527CRITICALFile upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicEPSS 0.9%CVE-2025-1093CRITICALAIHub <= 1.3.7 - Unauthenticated Arbitrary File Upload in generate_imageEPSS 0.9%CVE-2022-0951HIGHFile Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdocEPSS 0.9%CVE-2024-4945MEDIUMSourceCodester Best Courier Management System view_parcel.php unrestricted uploadEPSS 0.9%CVE-2023-1433MEDIUMSourceCodester Gadget Works Online Ordering System Products unrestricted uploadEPSS 0.9%CVE-2025-4389CRITICALCrawlomatic Multipage Scraper Post Generator <= 2.6.8.1 - Unauthenticated Arbitrary File UploadEPSS 0.9%CVE-2021-47788HIGHWebsiteBaker 2.13.0 - Remote Code Execution (RCE) (Authenticated)EPSS 0.9%CVE-2022-40200CRITICALWordPress wpForo Forum plugin <= 2.0.9 - Auth. Arbitrary File Upload vulnerabilityEPSS 0.9%CVE-2024-5745MEDIUMitsourcecode Bakery Online Ordering System unrestricted uploadEPSS 0.9%CVE-2024-6373MEDIUMitsourcecode Online Food Ordering System addproduct.php unrestricted uploadEPSS 0.9%CVE-2026-40484CRITICALChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore FunctionEPSS 0.9%CVE-2026-6518HIGHCMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code ExecutionEPSS 0.9%CVE-2023-2738MEDIUMTongda OA GatewayController.php actionGetdata unrestricted uploadEPSS 0.9%CVE-2023-6133MEDIUMForminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File UploadEPSS 0.9%CVE-2023-1328MEDIUMGuizhou 115cms index unrestricted uploadEPSS 0.9%CVE-2021-34076HIGHFile Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file EPSS 0.9%CVE-2022-42925CRITICALUnrestricted Upload of File with Dangerous Type in Forma LMSEPSS 0.9%CVE-2022-43436HIGHHWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Arbitrary File UploadEPSS 0.9%