Falhas do tipo CWE-434
2.804 resultadosCVE-2025-65897HIGHzdh_web is a data collection, processing, monitoring, scheduling, and management platform. In zdh_web thru 5.6.17, insufficient validation oEPSS 0.6%CVE-2023-49814CRITICALWordPress Symbiostock Lite Plugin <= 6.0.0 is vulnerable to Arbitrary File UploadEPSS 0.6%CVE-2023-41357HIGHGalaxy Software Services Vitals ESP - Arbitrary File UploadEPSS 0.6%CVE-2023-34207CRITICALUnrestricted Upload of File with Dangerous Type in EasyUse MailHunter UltimateEPSS 0.6%CVE-2025-54944MEDIUMSUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous TypeEPSS 0.6%CVE-2023-5034MEDIUMSourceCodester My Food Recipe Image Upload index.php unrestricted uploadEPSS 0.6%CVE-2023-22890HIGHSmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, caEPSS 0.6%CVE-2024-29100CRITICALWordPress AI Engine plugin <= 2.1.4 - Arbitrary File Upload vulnerabilityEPSS 0.6%CVE-2024-57668HIGHIn Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload vulnerability.EPSS 0.6%CVE-2023-31215CRITICALWordPress Dropshipping & Affiliation with Amazon Plugin <= 2.1.2 is vulnerable to Arbitrary File UploadEPSS 0.6%CVE-2024-8342MEDIUMSourceCodester Petshop Management System add_client.php unrestricted uploadEPSS 0.6%CVE-2025-5395HIGHWordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.115.0 - Authenticated (Author+) Arbitrary File UploadEPSS 0.6%CVE-2024-30500CRITICALWordPress CubeWP plugin <= 1.1.12 - Arbitrary File Upload vulnerabilityEPSS 0.6%CVE-2024-25909CRITICALWordPress WP Media folder Plugin <= 5.7.2 is vulnerable to Arbitrary File UploadEPSS 0.6%CVE-2025-6057HIGHWPBookit <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 0.6%CVE-2025-11456CRITICALELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File UploadEPSS 0.6%CVE-2025-46001CRITICALAn arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary coEPSS 0.6%CVE-2024-3778HIGHAi3 QbiBot - Unrestricted File UploadEPSS 0.6%CVE-2025-7443HIGHBerqWP <= 2.2.42 - Unauthenticated Arbitrary File UploadEPSS 0.6%CVE-2024-24000CRITICALjshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, andEPSS 0.6%