Weaknesses of type CWE-434

2,800 results
CVE-2023-0918 | MEDIUM | codeprojects Pharmacy Management System Avatar Image add.php unrestricted upload | EPSS 0.7%
CVE-2026-54414 | CRITICAL | FileRise shared-folder upload path traversal allows arbitrary file write and admin takeover | EPSS 0.7%
CVE-2024-4825 | CRITICAL | Unrestricted Upload of File with Dangerous Type vulnerability on Cockpit CMS from Agentejo | EPSS 0.7%
CVE-2021-34619 | HIGH | Cross-Site Request Forgery in WooCommerce Stock Manager WordPress Plugin | EPSS 0.7%
CVE-2023-41788 | HIGH | Remote Code Execution via File Uploader | EPSS 0.7%
CVE-2024-35527 | CRITICAL | An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers | EPSS 0.7%
CVE-2022-34482 | HIGH | An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to conta | EPSS 0.7%
CVE-2022-1811 | CRITICAL | Unrestricted Upload of File with Dangerous Type in publify/publify | EPSS 0.7%
CVE-2023-5796 | MEDIUM | CodeAstro POS System Logo setting unrestricted upload | EPSS 0.7%
CVE-2024-5145 | MEDIUM | SourceCodester Vehicle Management System HTTP POST Request newdriver.php unrestricted upload | EPSS 0.7%
CVE-2024-4923 | MEDIUM | Codezips E-Commerce Site addproduct.php unrestricted upload | EPSS 0.7%
CVE-2023-32628 | HIGH | In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify th | EPSS 0.7%
CVE-2024-31615 | CRITICAL | ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php. | EPSS 0.7%
CVE-2023-26686 | CRITICAL | File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when cust | EPSS 0.7%
CVE-2024-40425 | CRITICAL | File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to e | EPSS 0.7%
CVE-2022-3575 | CRITICAL | Frauscher Sensortechnik Diagnostic System FDS102 for FAdC R2 and FAdCi R2 configuration upload vulnerability | EPSS 0.7%
CVE-2025-22133 | CRITICAL | WeGIA Allows Arbitrary File Upload with Remote Code Execution (RCE) | EPSS 0.7%
CVE-2026-35164 | HIGH | Brave CMS Affected by Unrestricted File Upload via CKEditor Endpoint | EPSS 0.7%
CVE-2026-33435 | HIGH | Weblate: Remote code execution during backup restoration | EPSS 0.7%
CVE-2024-28890 | MEDIUM | Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a | EPSS 0.7%