Fallos del tipo CWE-434
2812 resultadosCVE-2024-9278MEDIUMHuankeMao SCRM Administrator Backend WxkConfig.php upload_domain_verification_file unrestricted uploadEPSS 0.5%CVE-2026-22327CRITICALWordPress Restaurt theme <= 1.0.4 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2025-54447HIGHUnrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affEPSS 0.5%CVE-2025-3324MEDIUMgodcheese/code-projects Nimrod FileRestController.java unrestricted uploadEPSS 0.5%CVE-2025-46099HIGHIn Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it vEPSS 0.5%CVE-2014-0468CRITICALVulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that
the users would have uploadEPSS 0.5%CVE-2025-39401CRITICALWordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2022-2746MEDIUMSourceCodester Simple Online Book Store System Admin_ add.php unrestricted uploadEPSS 0.5%CVE-2025-23171HIGHThe Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly EPSS 0.5%CVE-2025-46068HIGHAn issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanismEPSS 0.5%CVE-2023-40731MEDIUMA vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application allows users to upload arbitrary filEPSS 0.5%CVE-2025-22723CRITICALWordPress Barcode Scanner and Inventory manager plugin <= 1.6.7 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2022-42443LOWTrusteer for mobile file uploadEPSS 0.5%CVE-2024-53982HIGHArbitrary file download in Zoo-Project Echo ExampleEPSS 0.5%CVE-2025-65783CRITICALAn arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attaEPSS 0.5%CVE-2024-9504HIGHBooking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File UploadEPSS 0.5%CVE-2025-59710HIGHAn issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. EPSS 0.5%CVE-2024-41454MEDIUMAn arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackersEPSS 0.5%CVE-2023-28814CRITICALSome versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of EPSS 0.5%CVE-2023-30791HIGHPlane 0.7.1 - Insecure file uploadEPSS 0.5%