Weaknesses of type CWE-434

2,800 results
CVE-2023-38029 | CRITICAL | Saho ADM100&ADM-100FP - Arbitrary File Upload | EPSS 0.8%
CVE-2021-24960 | WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Malicious SVG | EPSS 0.8%
CVE-2024-25674 | CRITICAL | An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and | EPSS 0.8%
CVE-2024-1116 | HIGH | openBI Upload.php index unrestricted upload | EPSS 0.8%
CVE-2023-52044 | CRITICAL | Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extensi | EPSS 0.8%
CVE-2024-22895 | HIGH | DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. | EPSS 0.8%
CVE-2024-3705 | HIGH | Unrestricted Upload of File with Dangerous Type vulnerability in OpenGnsys | EPSS 0.8%
CVE-2025-34506 | HIGH | WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload | EPSS 0.8%
CVE-2026-35573 | CRITICAL | ChurchCRM has a Path traversal leads to RCE | EPSS 0.8%
CVE-2024-8614 | CRITICAL | WP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload | EPSS 0.8%
CVE-2022-2046 | Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload | EPSS 0.8%
CVE-2024-1034 | HIGH | openBI File.php uploadFile unrestricted upload | EPSS 0.8%
CVE-2024-47169 | HIGH | Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal | EPSS 0.8%
CVE-2023-5795 | MEDIUM | CodeAstro POS System Profile Picture profil unrestricted upload | EPSS 0.8%
CVE-2023-4409 | MEDIUM | NBS&HappySoftWeChat unrestricted upload | EPSS 0.8%
CVE-2023-5829 | MEDIUM | code-projects Admission Management System student_avatar.php unrestricted upload | EPSS 0.8%
CVE-2023-3806 | MEDIUM | SourceCodester House Rental and Property Listing System btn_functions.php unrestricted upload | EPSS 0.8%
CVE-2021-47757 | HIGH | Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE) (Authenticated) | EPSS 0.8%
CVE-2024-29891 | HIGH | ZITADEL Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass | EPSS 0.8%
CVE-2024-29368 | MEDIUM | An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via f | EPSS 0.8%