Falhas do tipo CWE-434
2.824 resultadosCVE-2026-48945MEDIUMJoomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26EPSS 0.2%CVE-2026-22707MEDIUMStrapi Upload Plugin MIME Validation Bypass via Content APIEPSS 0.2%CVE-2026-9374MEDIUMyangzongzhuan RuoYi-Vue Common Upload Endpoint upload FileUploadUtils.upload unrestricted uploadEPSS 0.2%CVE-2025-31979MEDIUMA File Upload Validation Bypass vulnerability has been identified in the HCL BigFix Service Management (SM)EPSS 0.2%CVE-2025-1725MEDIUMBit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File UploadsEPSS 0.2%CVE-2024-9648MEDIUMWP ULike Pro <= 1.9.3 - Unauthenticated Limited Arbitrary File UploadEPSS 0.2%CVE-2026-0496MEDIUMMultiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation)EPSS 0.2%CVE-2025-52546MEDIUMStored XSS by uploading a specially crafted floor plan fileEPSS 0.2%CVE-2025-32215MEDIUMWordPress Accessibility Suite plugin <= 4.18 - Arbitrary File Upload vulnerabilityEPSS 0.2%CVE-2018-25258HIGHRGui 3.5.0 Local Buffer Overflow SEH DEP BypassEPSS 0.2%CVE-2025-40808MEDIUMA vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CEPSS 0.2%CVE-2025-36183LOWPrivileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.dataEPSS 0.2%CVE-2022-0517HIGHMozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage thEPSS 0.2%CVE-2022-2791MEDIUMEmerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, EPSS 0.2%CVE-2024-34692LOW[CVE-2024-34692] Unrestricted File upload vulnerability in SAP Enable NowEPSS 0.2%CVE-2026-45315HIGHOpen WebUI: Stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptionsEPSS 0.2%CVE-2025-24862LOWUnrestricted upload of file with dangerous type for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User ApplicEPSS 0.2%CVE-2025-55251LOWHCL AION is affected by an Unrestricted File Upload vulnerabilityEPSS 0.2%CVE-2026-42538MEDIUMIRIS has an Insecure File UploadEPSS 0.2%CVE-2026-46426HIGHBudibase: Unrestricted Upload of File with Dangerous TypeEPSS 0.2%