Falhas do tipo CWE-434
2.802 resultadosCVE-2024-1818MEDIUMCodeAstro Membership Management System Logo unrestricted uploadEPSS 0.7%CVE-2024-1819MEDIUMCodeAstro Membership Management System Add Members Tab unrestricted uploadEPSS 0.7%CVE-2026-6960CRITICALBookingPress Pro <= 5.6 - Unauthenticated Arbitrary File Upload via Signature Custom FieldEPSS 0.7%CVE-2024-51364HIGHAn arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file.EPSS 0.7%CVE-2021-47753CRITICALphpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated)EPSS 0.7%CVE-2023-29631CRITICALPrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php.EPSS 0.7%CVE-2024-54214CRITICALWordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerabilityEPSS 0.7%CVE-2019-25758HIGHJoomla! Component vBizz 1.0.7 Remote Code ExecutionEPSS 0.7%CVE-2024-0643CRITICALUnrestricted upload of dangerous file types in C21 Live Encoder and Live MosaicEPSS 0.7%CVE-2024-0648HIGHYunyou CMS Common.php unrestricted uploadEPSS 0.7%CVE-2024-29135CRITICALWordPress Tourfic plugin <= 2.11.15 - Arbitrary File Upload vulnerabilityEPSS 0.7%CVE-2025-13646HIGHModula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Upload via Race ConditionEPSS 0.7%CVE-2021-27771HIGHHCL Sametime is susceptible a file transfer service vulnerabilityEPSS 0.7%CVE-2023-25444CRITICALWordPress JS Help Desk – Best Help Desk & Support Plugin plugin <= 2.7.7 - Arbitrary File Upload vulnerabilityEPSS 0.7%CVE-2023-34136—Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the EPSS 0.7%CVE-2024-30510CRITICALWordPress Salon booking system plugin <= 9.5 - Arbitrary File Upload vulnerabilityEPSS 0.7%CVE-2026-1400HIGHAI Engine <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload via 'filename' Parameter in update_media_metadata EndpointEPSS 0.7%CVE-2024-40549HIGHAn arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute EPSS 0.7%CVE-2024-40548HIGHAn arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitEPSS 0.7%CVE-2025-63228CRITICALThe Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /EPSS 0.7%