Weaknesses of type CWE-434
2,801 resultsCVE-2024-2890CRITICALWordPress Tumult Hype Animations plugin <= 1.9.12 - Arbitrary File Upload vulnerabilityEPSS 0.7%CVE-2024-27283HIGHA vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious EPSS 0.7%CVE-2024-13882HIGHAiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.3.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary File UploadEPSS 0.7%CVE-2012-10064CRITICALOmni Secure Files < 0.1.14 Unauthenticated Arbitrary File UploadEPSS 0.7%CVE-2024-8166MEDIUMRuijie EG2000K index.php unrestricted uploadEPSS 0.7%CVE-2026-26984HIGHLORIS media module vulnerable to remote code executionEPSS 0.7%CVE-2025-13590CRITICALAuthenticated arbitrary file upload via a System REST API requiring administrator permission.EPSS 0.7%CVE-2024-6439MEDIUMSourceCodester Home Owners Collection Management System unrestricted uploadEPSS 0.7%CVE-2026-3533HIGHJupiterX Core <= 4.14.1 - Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template ImportEPSS 0.7%CVE-2024-55078CRITICALAn arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbiEPSS 0.7%CVE-2025-12352CRITICALGravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image'EPSS 0.7%CVE-2024-7500MEDIUMitsourcecode Airline Reservation System admin_class.php save_settings unrestricted uploadEPSS 0.7%CVE-2025-44139HIGHEmlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zipEPSS 0.7%CVE-2024-58349CRITICALWordPress Theme Travelscape 1.0.3 Arbitrary File UploadEPSS 0.7%CVE-2024-4921MEDIUMSourceCodester Employee and Visitor Gate Pass Logging System unrestricted uploadEPSS 0.7%CVE-2024-29661CRITICALA File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload.EPSS 0.7%CVE-2025-66449HIGHConvertX has Path Traversal that leads to Arbitrary File Write and Arbitrary Code ExecutionEPSS 0.7%CVE-2024-12951MEDIUM1000 Projects Portfolio Management System MCA add_personal_details.php unrestricted uploadEPSS 0.7%CVE-2026-28502CRITICALWWBN AVideo: Authenticated Remote Code Execution via Unsafe Plugin ZIP ExtractionEPSS 0.7%CVE-2024-4946MEDIUMSourceCodester Online Art Gallery Management System adminHome.php unrestricted uploadEPSS 0.7%