Flaws of type CWE-434

2786 results
CVE-2024-7855 [HIGH] WP Hotel Booking <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload | EPSS 15.0%
CVE-2025-48148 [CRITICAL] WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability | EPSS 14.9%
CVE-2021-21347 [MEDIUM] XStream is vulnerable to an Arbitrary Code Execution attack | EPSS 14.7%
CVE-2024-56064 [CRITICAL] WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload vulnerability | EPSS 14.5%
CVE-2021-39146 [HIGH] XStream is vulnerable to an Arbitrary Code Execution attack | EPSS 14.4%
CVE-2025-34040 [CRITICAL] Seeyon Zhiyuan OA System Path Traversal File Upload | EPSS 14.4%
CVE-2022-1103 Advanced Uploader <= 4.2 - Subscriber+ Arbitrary File Upload | EPSS 14.3%
CVE-2017-11154 Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote atta | EPSS 14.2%
CVE-2022-45359 [CRITICAL] WordPress YITH WooCommerce Gift Cards Premium Plugin <= 3.19.0 is vulnerable to Arbitrary File Upload | EPSS 13.5%
CVE-2025-9872 [HIGH] Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to | EPSS 13.5%
CVE-2024-10392 [CRITICAL] AI Power: Complete AI Pack <= 1.8.89 - Unauthenticated Arbitrary File Upload | EPSS 13.1%
CVE-2024-8232 [HIGH] iniNet Solutions SpiderControl SCADA Web Server Unrestricted Upload of File with Dangerous Type | EPSS 13.1%
CVE-2024-25832 [HIGH] F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dan | EPSS 12.8%
CVE-2022-2419 [HIGH] URVE Web Manager upload.php unrestricted upload | EPSS 12.8%
CVE-2023-4596 [CRITICAL] Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload | EPSS 12.7%
CVE-2020-36847 [CRITICAL] Simple File List < 4.2.3 - Remote Code Execution | EPSS 12.6%
CVE-2013-1916 In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on th | EPSS 12.1%
CVE-2024-55417 [MEDIUM] DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /a | EPSS 11.8%
CVE-2025-40599 [CRITICAL] An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administr | EPSS 11.6%
CVE-2025-3914 [HIGH] Aeropage Sync for Airtable <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload | EPSS 11.4%