CWE-434 vulnerabilities

2,800 results
CVE-2025-9216 | HIGH | StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload | EPSS 0.8%
CVE-2024-29859 | CRITICAL | In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload. | EPSS 0.8%
CVE-2026-6692 | HIGH | Slider Revolution 7.0.0 - 7.0.10 - Authenticated (Subscriber+) Arbitrary File Upload via _get_media_url | EPSS 0.8%
CVE-2024-13091 | CRITICAL | WPBot Pro Wordpress Chatbot <= 13.5.4 - Unauthenticated Arbitrary File Upload | EPSS 0.8%
CVE-2023-33318 | CRITICAL | WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Arbitrary File Upload | EPSS 0.8%
CVE-2020-37084 | HIGH | School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability | EPSS 0.8%
CVE-2023-53980 | HIGH | ProjectSend r1605 Remote Code Execution via File Extension Manipulation | EPSS 0.8%
CVE-2024-40400 | HIGH | An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a craft | EPSS 0.8%
CVE-2024-3863 | CRITICAL | The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. O | EPSS 0.8%
CVE-2025-26350 | MEDIUM | A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free MaxTime less than or equal to version 2.1 | EPSS 0.8%
CVE-2024-10590 | HIGH | Opt-In Downloads <= 4.07 - Authenticated (Subscriber+) Arbitrary File Upload | EPSS 0.8%
CVE-2021-24981 | | Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload | EPSS 0.8%
CVE-2026-4883 | CRITICAL | Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload | EPSS 0.8%
CVE-2023-23656 | CRITICAL | WordPress MainWP File Uploader Extension Plugin <= 4.1 - Unauthenticated Arbitrary File Upload Vulnerability | EPSS 0.8%
CVE-2024-11661 | MEDIUM | Codezips Free Exam Hall Seating Management System Profile Image profile.php unrestricted upload | EPSS 0.8%
CVE-2021-35261 | CRITICAL | File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary | EPSS 0.8%
CVE-2022-46493 | CRITICAL | Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img. | EPSS 0.8%
CVE-2023-53921 | HIGH | SitemagicCMS 4.4.3 Remote Code Execution via Unrestricted File Upload | EPSS 0.8%
CVE-2026-37748 | HIGH | Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin_user_insert.php and vms/php/update_1. | EPSS 0.8%
CVE-2024-42991 | HIGH | MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution. | EPSS 0.8%