Falhas do tipo CWE-434

2.816 resultados
CVE-2026-2665MEDIUMhuanzi-qch base-admin JSP Parser SysFileController.java upload unrestricted uploadEPSS 0.3%CVE-2025-64759HIGHHomarr is Vulnerable to Stored Cross-Site Scripting (XSS) and Possible Privilege Escalation via Malicious SVG UploadEPSS 0.3%CVE-2025-64231CRITICALWordPress WordPress Contact Form 7 PDF, Google Sheet & Database plugin <= 3.0.0 - Arbitrary File Upload vulnerabilityEPSS 0.3%CVE-2025-59525HIGHHorilla has Improper Input Sanitization Leading to XSS and Admin Account TakeoverEPSS 0.3%CVE-2022-43283MEDIUMwasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.EPSS 0.3%CVE-2025-27127MEDIUMA vulnerability has been identified in TIA Project-Server (All versions < V2.1.1), TIA Project-Server V17 (All versions), Totally IntegratedEPSS 0.3%CVE-2024-11390MEDIUMKibana Unrestricted Upload of File with Dangerous Type Can Lead to XSSEPSS 0.3%CVE-2025-13061MEDIUMitsourcecode Online Voting System index.php unrestricted uploadEPSS 0.3%CVE-2025-5873MEDIUMeCharge Hardy Barth Salia PLCC Web UI firmware.php unrestricted uploadEPSS 0.3%CVE-2026-7393MEDIUMSourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted uploadEPSS 0.3%CVE-2025-40678MEDIUMUnrestricted upload vulnerability for dangerous file types on Summar Software´s Portal del EmpleadoEPSS 0.3%CVE-2025-4768MEDIUMfeng_ha_ha/megagao ssm-erp/production_ssm PictureServiceImpl.java uploadPicture unrestricted uploadEPSS 0.3%CVE-2026-42748CRITICALWordPress WPify Woo Czech plugin <= 5.4.1 - Arbitrary File Upload vulnerabilityEPSS 0.3%CVE-2025-65416MEDIUMdocuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php.EPSS 0.3%CVE-2025-55383HIGHMoss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attackers to upload files of any extension to EPSS 0.3%CVE-2024-13708HIGHBooster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Stored Cross-Site ScriptingEPSS 0.3%CVE-2025-31048CRITICALWordPress Shopo <= 1.1.4 - Arbitrary File Upload VulnerabilityEPSS 0.3%CVE-2025-11221CRITICALRemote Code Execution in GTONE ChangeFlowEPSS 0.3%CVE-2024-45263HIGHAn issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allowsEPSS 0.3%CVE-2025-65806MEDIUMThe E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP (a ZIP coEPSS 0.3%