Falhas do tipo CWE-434

2.816 resultados
CVE-2026-22789MEDIUMWebErpMesv2 has a File Upload Validation Bypass Leading to RCEEPSS 0.2%CVE-2025-61181MEDIUMdaicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature.EPSS 0.2%CVE-2026-33273MEDIUMUnrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbEPSS 0.2%CVE-2026-23499HIGHSaleor vulnerable to stored XSS via Unrestricted File UploadEPSS 0.2%CVE-2026-7238MEDIUMcode-projects Online Music Site AdminUpdateAlbum.php unrestricted uploadEPSS 0.2%CVE-2025-61681MEDIUMKuno is Vulnerable to Stored XSS Attack via SVG File UploadEPSS 0.2%CVE-2021-35485HIGHThe Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload sEPSS 0.2%CVE-2025-55135MEDIUMIn Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats oEPSS 0.2%CVE-2026-7696MEDIUMAcrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform uploadH5Files unrestricted uploadEPSS 0.2%CVE-2026-40487HIGHPostiz Has Unrestricted File Upload via MIME Type Spoofing that Leads to Stored XSSEPSS 0.2%CVE-2023-39538HIGHFailure when uploading a Logo image fileEPSS 0.2%CVE-2026-1126MEDIUMlwj flow SVG File FormResource.java uploadFile unrestricted uploadEPSS 0.2%CVE-2025-4648HIGHA user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.EPSS 0.2%CVE-2026-7673MEDIUMcrmeb_java Admin Upload UploadServiceImpl.java unrestricted uploadEPSS 0.2%CVE-2026-1445MEDIUMiJason-Liu Books_Manager upload_bookCover.php unrestricted uploadEPSS 0.2%CVE-2025-8764MEDIUMlinlinjava litemall upload unrestricted uploadEPSS 0.2%CVE-2026-46392HIGHHAX CMS PHP Has a Stored XSS via Case-Sensitivity Mismatch in HTML Upload ValidationEPSS 0.2%CVE-2022-45338HIGHAn arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact SynerEPSS 0.2%CVE-2026-4875MEDIUMitsourcecode Free Hotel Reservation System index.php unrestricted uploadEPSS 0.2%CVE-2025-42883LOWInsecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench)EPSS 0.2%