Falhas do tipo CWE-434
2.804 resultadosCVE-2024-25636HIGHLack of media type verification of Activity Streams objects allows impersonation and takeover of remote accountsEPSS 0.7%CVE-2021-4443CRITICALWordPress Mega Menu <= 2.0.6 - Arbitrary File CreationEPSS 0.7%CVE-2026-2269HIGHUncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File UploadEPSS 0.7%CVE-2024-46088CRITICALAn arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource ManagementEPSS 0.7%CVE-2024-24025CRITICALAn arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). EPSS 0.7%CVE-2024-24024CRITICALAn arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownEPSS 0.7%CVE-2019-25714CRITICALSeeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservletEPSS 0.7%CVE-2026-4882CRITICALUser Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File UploadEPSS 0.7%CVE-2023-31231CRITICALWordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.65 is vulnerable to Arbitrary File UploadEPSS 0.7%CVE-2024-40394CRITICALSimple Library Management System Project Using PHP/MySQL v1.0 was discovered to contain an arbitrary file upload vulnerability via the compoEPSS 0.7%CVE-2024-7329MEDIUMYouDianCMS image_upload.php unrestricted uploadEPSS 0.7%CVE-2026-1756HIGHWP FOFT Loader <= 2.1.39 - Authenticated (Author+) Arbitrary File UploadEPSS 0.7%CVE-2023-45188MEDIUMIBM Engineering Lifecycle Optimization Publishing file uploadEPSS 0.7%CVE-2024-32514CRITICALWordPress WP Poll Maker plugin <= 3.4 - Authenticated Arbitrary File Upload vulnerabilityEPSS 0.7%CVE-2025-1555MEDIUMhzmanyun Education and Training System saveImage unrestricted uploadEPSS 0.7%CVE-2025-25361CRITICALAn arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to exeEPSS 0.6%CVE-2025-26411HIGHAuthenticated Arbitrary Python File Upload via Plugin ManagerEPSS 0.6%CVE-2025-0702MEDIUMJoeyBling bootplus SysFileController.java unrestricted uploadEPSS 0.6%CVE-2024-10994MEDIUMCodezips Online Institute Management System edit_user.php unrestricted uploadEPSS 0.6%CVE-2023-49814CRITICALWordPress Symbiostock Lite Plugin <= 6.0.0 is vulnerable to Arbitrary File UploadEPSS 0.6%