Vulnerabilities of type CWE-434

2804 results
CVE-2023-6091 | HIGH | WordPress Theme Editor plugin <= 2.7.1 - Arbitrary File Upload vulnerability | EPSS 0.6%
CVE-2024-27951 | CRITICAL | WordPress Multiple Page Generator Plugin <= 3.4.0 - Auth. Remote Code Execution (RCE) vulnerability | EPSS 0.6%
CVE-2025-12138 | HIGH | URL Image Importer <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload | EPSS 0.6%
CVE-2024-10161 | MEDIUM | PHPGurukul Boat Booking System Update Boat Image Page change-image.php unrestricted upload | EPSS 0.6%
CVE-2021-47888 | HIGH | Textpattern 4.8.3 - Remote code execution | EPSS 0.6%
CVE-2025-46616 | CRITICAL | Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This affects StorNext | EPSS 0.6%
CVE-2020-37023 | HIGH | Koken CMS 0.22.24 - Arbitrary File Upload | EPSS 0.6%
CVE-2024-13744 | HIGH | Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Arbitrary File Upload | EPSS 0.6%
CVE-2025-13156 | HIGH | Vitepos – Point of Sale (POS) for WooCommerce <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution | EPSS 0.6%
CVE-2024-37555 | CRITICAL | WordPress Generate PDF using Contact Form 7 plugin <= 4.1.2 - CSRF to Arbitrary File Upload vulnerability | EPSS 0.6%
CVE-2023-50729 | HIGH | An unrestricted file upload vulnerability in traccar leads to RCE | EPSS 0.6%
CVE-2023-7147 | MEDIUM | gopeak MasterLab User.php base64ImageContent unrestricted upload | EPSS 0.6%
CVE-2025-11889 | HIGH | AIO Forms <= 1.3.18 - Authenticated (Admin+) Arbitrary File Upload via Zip Import | EPSS 0.6%
CVE-2022-45377 | MEDIUM | WordPress Drag and Drop Multiple File Upload for WooCommerce Plugin <= 1.0.8 is vulnerable to Multiple Vulnerabilities | EPSS 0.6%
CVE-2011-10004 | MEDIUM | reciply Plugin uploadImage.php unrestricted upload | EPSS 0.6%
CVE-2024-40071 | CRITICAL | Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Syst | EPSS 0.6%
CVE-2025-12957 | HIGH | All-in-One Video Gallery <= 4.5.7 - Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypass | EPSS 0.6%
CVE-2025-30131 | CRITICAL | An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands | EPSS 0.6%
CVE-2024-9816 | MEDIUM | Codezips Tourist Management System change-image.php unrestricted upload | EPSS 0.6%
CVE-2024-9904 | MEDIUM | 07FLYCMS/07FLY-CMS/07FlyCRM pictureUpload unrestricted upload | EPSS 0.6%