Fallos del tipo CWE-434

2824 resultados
CVE-2025-4648HIGHA user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.EPSS 0.2%CVE-2026-40487HIGHPostiz Has Unrestricted File Upload via MIME Type Spoofing that Leads to Stored XSSEPSS 0.2%CVE-2026-7673MEDIUMcrmeb_java Admin Upload UploadServiceImpl.java unrestricted uploadEPSS 0.2%CVE-2026-6650MEDIUMZ-BlogPHP ZBA File app_upload.php UnPack unrestricted uploadEPSS 0.2%CVE-2025-8764MEDIUMlinlinjava litemall upload unrestricted uploadEPSS 0.2%CVE-2026-46392HIGHHAX CMS PHP Has a Stored XSS via Case-Sensitivity Mismatch in HTML Upload ValidationEPSS 0.2%CVE-2026-4875MEDIUMitsourcecode Free Hotel Reservation System index.php unrestricted uploadEPSS 0.2%CVE-2025-42883LOWInsecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench)EPSS 0.2%CVE-2022-45338HIGHAn arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact SynerEPSS 0.2%CVE-2026-1445MEDIUMiJason-Liu Books_Manager upload_bookCover.php unrestricted uploadEPSS 0.2%CVE-2026-24034MEDIUMHorilla has File Upload XSSEPSS 0.2%CVE-2024-55514MEDIUMA vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.phEPSS 0.2%CVE-2026-39598HIGHWordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerabilityEPSS 0.2%CVE-2026-4586MEDIUMCodePhiliaX Chat2DB JDBC Driver Upload JdbcDriverController.java upload unrestricted uploadEPSS 0.2%CVE-2024-35593MEDIUMAn arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploEPSS 0.2%CVE-2022-27562MEDIUMHCL Domino Volt is affected by an unrestricted upload of a dangerous file typeEPSS 0.2%CVE-2022-42449MEDIUMHCL Domino Volt is affected by an unrestricted upload of a dangerous file typeEPSS 0.2%CVE-2026-11621MEDIUMDcat-Admin User Setting upload editorMDUpload unrestricted uploadEPSS 0.2%CVE-2026-7133MEDIUMcode-projects Online Lot Reservation System activity.php unrestricted uploadEPSS 0.2%CVE-2022-44760MEDIUMHCL Leap is affected by an unrestricted upload of file with dangerous type vulnerabilityEPSS 0.2%