Fallos del tipo CWE-434
2812 resultadosCVE-2025-1890MEDIUMshishuocms ManageUpLoadAction.java handleRequest unrestricted uploadEPSS 0.5%CVE-2026-14736MEDIUMRuijie RG-UAC user_auth_commit.php unrestricted uploadEPSS 0.5%CVE-2026-2164MEDIUMdetronetdip E-commerce addadhar.php unrestricted uploadEPSS 0.5%CVE-2022-39301HIGHsra-admin is vulnerable to storage cross-site scripting (XSS) via unrestricted file uploadEPSS 0.5%CVE-2025-65471HIGHAn arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arEPSS 0.4%CVE-2024-2334MEDIUMTemplate Kit – Import <= 1.0.14 - Authenticated(Author+) Stored Cross-Site Scripting via template uploadEPSS 0.4%CVE-2025-67164CRITICALAn authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arEPSS 0.4%CVE-2025-47559CRITICALWordPress MapSVG plugin < 8.7.4 - Arbitrary File Upload vulnerabilityEPSS 0.4%CVE-2026-5411HIGHWP Captcha PRO <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File UploadEPSS 0.4%CVE-2025-52239CRITICALAn arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.EPSS 0.4%CVE-2024-1531HIGHA vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor couEPSS 0.4%CVE-2025-49071CRITICALWordPress Flozen < 1.5.1 - Arbitrary File Upload VulnerabilityEPSS 0.4%CVE-2024-31610MEDIUMFile Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attacEPSS 0.4%CVE-2025-68553CRITICALWordPress Lendiz theme < 2.0.1 - Arbitrary File Upload vulnerabilityEPSS 0.4%CVE-2025-5131MEDIUMTmall Demo uploadCategoryImage unrestricted uploadEPSS 0.4%CVE-2024-39865HIGHA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to uploEPSS 0.4%CVE-2025-32682CRITICALWordPress MapSVG Lite plugin <= 8.6.4 - Arbitrary File Upload VulnerabilityEPSS 0.4%CVE-2025-60218CRITICALWordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Upload VulnerabilityEPSS 0.4%CVE-2025-6206HIGHAiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 0.4%CVE-2026-9009HIGHCrawlomatic Multipage Scraper Post Generator <= 2.7.2 - Authenticated (Author+) Remote Code Execution via 'callback_raw' Shortcode AttributeEPSS 0.4%