Weaknesses of type CWE-434
2,804 results

CVE-2025-31002 | CRITICAL | WordPress Squeeze plugin <= 1.6 - Arbitrary File Upload vulnerability | EPSS 0.6%
CVE-2024-1262 | MEDIUM | Juanpao JPShop API MaterialController.php actionUpdate unrestricted upload | EPSS 0.6%
CVE-2024-0468 | MEDIUM | code-projects Fighting Cock Information System new-father.php unrestricted upload | EPSS 0.6%
CVE-2024-1264 | MEDIUM | Juanpao JPShop UploadsController.php actionUpdate unrestricted upload | EPSS 0.6%
CVE-2024-1268 | MEDIUM | CodeAstro Restaurant POS System update_product.php unrestricted upload | EPSS 0.6%
CVE-2024-1260 | MEDIUM | Juanpao JPShop API ComboController.php actionIndex unrestricted upload | EPSS 0.6%
CVE-2024-5278 | MEDIUM | Unrestricted File Upload leading to RCE in gaizhenbiao/chuanhuchatgpt | EPSS 0.6%
CVE-2021-47937 | HIGH | e107 CMS 2.3.0 Authenticated Remote Code Execution via Theme Upload | EPSS 0.6%
CVE-2026-28673 | HIGH | xiaoheiFS Vulnerable to RCE via Unrestricted Plugin Installation (Manifest Manipulation) | EPSS 0.6%
CVE-2023-7212 | MEDIUM | DeDeCMS Backend file_class.php unrestricted upload | EPSS 0.6%
CVE-2025-70151 | HIGH | code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. T | EPSS 0.6%
CVE-2023-25402 | HIGH | CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any fil | EPSS 0.6%
CVE-2025-40625 | CRITICAL | Multiple vulnerabilities in TCMAN's GIM | EPSS 0.6%
CVE-2025-9561 | HIGH | AP Background 3.8.1 - 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload via advParallaxBackAdminSaveSlider Function | EPSS 0.6%
CVE-2024-7917 | MEDIUM | DouPHP Favicon system.php unrestricted upload | EPSS 0.6%
CVE-2025-32118 | CRITICAL | WordPress CMP – Coming Soon & Maintenance plugin <= 4.1.14 - Remote Code Execution (RCE) vulnerability | EPSS 0.6%
CVE-2024-43662 | MEDIUM | Authenticated arbitrary file upload to /tmp/ and /tmp/upload/ | EPSS 0.6%
CVE-2023-36809 | HIGH | Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox | EPSS 0.6%
CVE-2024-6945 | MEDIUM | Flute CMS Avatar Upload Page ImagesController.php unrestricted upload | EPSS 0.6%
CVE-2026-45053 | CRITICAL | CubeCart: Authenticated Arbitrary File Upload to RCE in REST Files API | EPSS 0.6%