Fallos del tipo CWE-434
2795 resultadosCVE-2023-24610HIGHNOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks EPSS 2.1%CVE-2026-27636HIGHFreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution on ApacheEPSS 2.1%CVE-2015-10144HIGHResponsive Thumbnail Slider < 1.0.1 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 2.1%CVE-2021-34623CRITICALProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in Image Uploader ComponentEPSS 2.1%CVE-2024-13869HIGHMigration, Backup, Staging – WPvivid <= 0.9.112 - Authenticated (Admin+) Arbitrary File Upload via wpvivid_upload_fileEPSS 2.1%CVE-2023-31903CRITICALGuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file.EPSS 2.1%CVE-2020-26252HIGHLayout XML RCE Vulnerability in OpenMageEPSS 2.1%CVE-2021-44164CRITICALChain Sea Information Integration Co., Ltd ai chatbot system - Arbitrary File UploadEPSS 2.1%CVE-2023-32526—Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary fileEPSS 2.0%CVE-2023-32525—Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary fileEPSS 2.0%CVE-2025-3616HIGHGreenshift 11.4 - 11.4.5 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 2.0%CVE-2023-29930HIGHAn issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via EPSS 2.0%CVE-2021-32538CRITICALARTWARE CMS - Unrestricted Upload of FileEPSS 2.0%CVE-2023-46808CRITICALAn file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. SuccessEPSS 2.0%CVE-2023-27602CRITICALApache Linkis publicsercice module unrestricted upload of fileEPSS 2.0%CVE-2023-26852HIGHAn arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by upEPSS 2.0%CVE-2013-10043CRITICALAstium VOIP PBX <= 2.1 SQL Injection File Upload RCEEPSS 2.0%CVE-2021-41566CRITICALTad TadTools - Arbitrary File UploadEPSS 1.9%CVE-2023-33480HIGHRemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to EPSS 1.9%CVE-2025-3835CRITICALRemote Code ExecutionEPSS 1.9%