Flaws of type CWE-434

2805 results
CVE-2025-8120 [CRITICAL, EPSS 0.5%] Remote Code Execution via Unrestricted File Upload in PAD CMS
CVE-2025-57794 [CRITICAL, EPSS 0.5%] Unrestricted File Upload Vulnerability in Explorance Blue
CVE-2026-11419 [CRITICAL, EPSS 0.5%] Path Traversal in Altium Enterprise Server Vault UploadController Allows Arbitrary File Write
CVE-2024-32809 [CRITICAL, EPSS 0.5%] WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability
CVE-2024-8164 [MEDIUM, EPSS 0.5%] Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload
CVE-2025-7917 [HIGH, EPSS 0.5%] Simopro Technology|WinMatrix3 Web package - Arbitrary File Upload
CVE-2024-45076 [CRITICAL, EPSS 0.5%] IBM webMethods Integration code execution
CVE-2025-61417 [HIGH, EPSS 0.5%] Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a
CVE-2024-56829 [CRITICAL, EPSS 0.5%] Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the
CVE-2024-8940 [CRITICAL, EPSS 0.5%] Unrestricted Upload of File with Dangerous Type vulnerability on Scriptcase
CVE-2025-4413 [HIGH, EPSS 0.5%] Pixabay Images <= 3.4 - Authenticated (Author+) Arbitrary File Upload
CVE-2024-53619 [MEDIUM, EPSS 0.5%] An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via u
CVE-2026-1565 [HIGH, EPSS 0.5%] User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Authenticated (Author+) Arbitrary File Upload
CVE-2022-2872 [LOW, EPSS 0.5%] Unrestricted Upload of File with Dangerous Type in octoprint/octoprint
CVE-2025-29009 [CRITICAL, EPSS 0.5%] WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability
CVE-2025-10907 [HIGH, EPSS 0.5%] Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution
CVE-2024-47259 [LOW, EPSS 0.5%] Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input val
CVE-2026-5524 [CRITICAL, EPSS 0.5%] Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter
CVE-2023-0257 [MEDIUM, EPSS 0.5%] SourceCodester Online Food Ordering System Menu Form unrestricted upload
CVE-2025-13689 [HIGH, EPSS 0.5%] DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment