CWE-434 vulnerabilities

2809 results
CVE | Severity | Title | EPSS
CVE-2025-1388 | HIGH | Learning Digital Orca HCM - Arbitrary File Upload | EPSS 0.5%
CVE-2024-10292 | MEDIUM | ZZCMS ChangeTable.php unrestricted upload | EPSS 0.5%
CVE-2025-52239 | CRITICAL | An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file. | EPSS 0.5%
CVE-2024-50530 | CRITICAL | WordPress Stars SMTP Mailer plugin <= 2.2.1 - Arbitrary File Upload vulnerability | EPSS 0.5%
CVE-2025-60500 | HIGH | QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restricti | EPSS 0.5%
CVE-2023-40460 | HIGH | Improper input leads to DoS | EPSS 0.5%
CVE-2024-50529 | CRITICAL | WordPress Training – Courses plugin <= 2.0.1 - Arbitrary File Upload vulnerability | EPSS 0.5%
CVE-2024-48035 | CRITICAL | WordPress ACF Images Search And Insert plugin <= 1.1.4 - Arbitrary File Upload vulnerability | EPSS 0.5%
CVE-2024-48027 | CRITICAL | WordPress External featured image from bing plugin <= 1.0.2 - Remote Code Execution (RCE) vulnerability | EPSS 0.5%
CVE-2025-13066 | HIGH | Demo Importer Plus <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass | EPSS 0.5%
CVE-2026-3748 | MEDIUM | Bytedesk SVG File UploadRestController.java uploadFile unrestricted upload | EPSS 0.5%
CVE-2024-48034 | CRITICAL | WordPress Creates 3D Flipbook, PDF Flipbook plugin <= 1.2 - Arbitrary File Upload vulnerability | EPSS 0.5%
CVE-2024-49260 | CRITICAL | WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability | EPSS 0.5%
CVE-2025-56515 | HIGH | File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG fi | EPSS 0.5%
CVE-2025-7878 | MEDIUM | Metasoft 美特软件 MetaCRM upload2.jsp unrestricted upload | EPSS 0.5%
CVE-2025-12153 | HIGH | Featured Image via URL <= 0.1 - Authenticated (Contributor+) Arbitrary FIle Upload | EPSS 0.5%
CVE-2026-33582 | MEDIUM | Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error | EPSS 0.5%
CVE-2025-12378 | MEDIUM | code-projects Simple Food Ordering System addproduct.php unrestricted upload | EPSS 0.5%
CVE-2025-12301 | MEDIUM | code-projects Simple Food Ordering System editproduct.php unrestricted upload | EPSS 0.5%
CVE-2024-47649 | CRITICAL | WordPress Iconize plugin <= 1.2.4 - Remote Code Execution (RCE) vulnerability | EPSS 0.5%