Weaknesses of type CWE-434
2,804 resultsCVE-2025-41735HIGHPossible arbitrary file uploadEPSS 0.5%CVE-2024-25623HIGHLack of media type verification of Activity Streams objects allows impersonation of remote accountsEPSS 0.5%CVE-2024-34990CRITICALIn the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer caEPSS 0.5%CVE-2025-11318MEDIUMTipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 uploadWxFile.do unrestricted uploadEPSS 0.5%CVE-2025-12201MEDIUMajayrandhawa User-Management-PHP-MYSQL User Management edit-user.php unrestricted uploadEPSS 0.5%CVE-2024-8463CRITICALFile upload restriction bypass vulnerability in Job PortalEPSS 0.5%CVE-2025-5299MEDIUMSourceCodester Client Database Management System user_order_customer_update.php unrestricted uploadEPSS 0.5%CVE-2023-7054MEDIUMPHPGurukul Online Notes Sharing System add-notes.php unrestricted uploadEPSS 0.5%CVE-2024-0192MEDIUMRRJ Nueva Ecija Engineer Online Portal Add Downloadable downloadable.php unrestricted uploadEPSS 0.5%CVE-2024-11054MEDIUMSourceCodester Simple Music Cloud Community System ajax.php unrestricted uploadEPSS 0.5%CVE-2024-35746CRITICALWordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2025-29093HIGHFile Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/GaEPSS 0.5%CVE-2026-29859CRITICALAn arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary code via uploading a crafted file.EPSS 0.5%CVE-2024-42523HIGHpubliccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaDataEPSS 0.5%CVE-2025-12181HIGHContentStudio <= 1.3.7 - Authenticated (Author+) Arbitrary File UploadEPSS 0.5%CVE-2024-49652CRITICALWordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2026-10071CRITICALInterinfo|DreamMaker - Arbitrary File UploadEPSS 0.5%CVE-2024-49671CRITICALWordPress AI Postpix plugin <= 1.1.8 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2025-15228CRITICALWELLTEND TECHNOLOGY| BPMFlowWebkit - Arbitrary File UploadEPSS 0.5%CVE-2025-15226CRITICALSunnet|WMPro - Arbitrary File UploadEPSS 0.5%