Falhas do tipo CWE-434

2.800 resultados
CVE-2026-25510CRITICALCI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File EditorEPSS 0.8%CVE-2024-46479CRITICALVenki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload aEPSS 0.8%CVE-2025-10647HIGHEmbed PDF for WPForms <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 0.8%CVE-2022-50916HIGHe107 CMS v3.2.1 - Upload restriction bypass (Authenticated [Admin])+ Server file overrideEPSS 0.8%CVE-2024-11018CRITICALGrand Vice info Webopac - Arbitrary File UploadEPSS 0.8%CVE-2020-19786HIGHFile upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP fiEPSS 0.8%CVE-2024-12854HIGHGarden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File UploadEPSS 0.8%CVE-2024-0185MEDIUMRRJ Nueva Ecija Engineer Online Portal Avatar dasboard_teacher.php unrestricted uploadEPSS 0.8%CVE-2022-47766HIGHPopojiCMS v2.0.1 backend plugin function has a file upload vulnerability.EPSS 0.8%CVE-2024-42780HIGHAn Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This aEPSS 0.8%CVE-2025-43946CRITICALTCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path Traversal).EPSS 0.8%CVE-2024-6110MEDIUMitsourcecode Magbanua Beach Resort Online Reservation System controller.php unrestricted uploadEPSS 0.8%CVE-2024-6115MEDIUMitsourcecode Simple Online Hotel Reservation System add_room.php unrestricted uploadEPSS 0.8%CVE-2024-3369MEDIUMcode-projects Car Rental add-vehicle.php unrestricted uploadEPSS 0.8%CVE-2024-6116MEDIUMitsourcecode Simple Online Hotel Reservation System edit_room.php unrestricted uploadEPSS 0.8%CVE-2023-27246HIGHAn arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a cEPSS 0.8%CVE-2011-10041CRITICALUploadify <= 1.0 Unauthenticated Arbitrary File UploadEPSS 0.8%CVE-2024-33786CRITICALAn arbitrary file upload vulnerability in Zhongcheng Kexin Ticketing Management Platform 20.04 allows attackers to execute arbitrary code viEPSS 0.8%CVE-2024-32836CRITICALWordPress WP-Lister Lite for eBay plugin <= 3.5.11 - Arbitrary File Upload vulnerabilityEPSS 0.8%CVE-2025-2006HIGHInline Image Upload for BBPress <= 1.1.19 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 0.8%