CWE-434 vulnerabilities

2,804 results
CVE-2023-47846 | CRITICAL | WordPress WP Githuber MD plugin <= 1.16.2 - Arbitrary File Upload vulnerability | EPSS 0.6%
CVE-2023-6090 | CRITICAL | WordPress Mollie Payments for WooCommerce Plugin <= 7.3.11 is vulnerable to Arbitrary File Upload | EPSS 0.6%
CVE-2023-6091 | HIGH | WordPress Theme Editor plugin <= 2.7.1 - Arbitrary File Upload vulnerability | EPSS 0.6%
CVE-2024-10161 | MEDIUM | PHPGurukul Boat Booking System Update Boat Image Page change-image.php unrestricted upload | EPSS 0.6%
CVE-2021-47888 | HIGH | Textpattern 4.8.3 - Remote code execution | EPSS 0.6%
CVE-2025-46616 | CRITICAL | Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This affects StorNext | EPSS 0.6%
CVE-2024-13744 | HIGH | Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Arbitrary File Upload | EPSS 0.6%
CVE-2020-37023 | HIGH | Koken CMS 0.22.24 - Arbitrary File Upload | EPSS 0.6%
CVE-2025-13156 | HIGH | Vitepos – Point of Sale (POS) for WooCommerce <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution | EPSS 0.6%
CVE-2024-37555 | CRITICAL | WordPress Generate PDF using Contact Form 7 plugin <= 4.1.2 - CSRF to Arbitrary File Upload vulnerability | EPSS 0.6%
CVE-2023-50729 | HIGH | An unrestricted file upload vulnerability in traccar leads to RCE | EPSS 0.6%
CVE-2023-7147 | MEDIUM | gopeak MasterLab User.php base64ImageContent unrestricted upload | EPSS 0.6%
CVE-2011-10004 | MEDIUM | reciply Plugin uploadImage.php unrestricted upload | EPSS 0.6%
CVE-2025-11889 | HIGH | AIO Forms <= 1.3.18 - Authenticated (Admin+) Arbitrary File Upload via Zip Import | EPSS 0.6%
CVE-2022-45377 | MEDIUM | WordPress Drag and Drop Multiple File Upload for WooCommerce Plugin <= 1.0.8 is vulnerable to Multiple Vulnerabilities | EPSS 0.6%
CVE-2024-40071 | CRITICAL | Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Syst | EPSS 0.6%
CVE-2025-12957 | HIGH | All-in-One Video Gallery <= 4.5.7 - Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypass | EPSS 0.6%
CVE-2025-30131 | CRITICAL | An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands | EPSS 0.6%
CVE-2024-9855 | MEDIUM | 07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload | EPSS 0.6%
CVE-2025-54448 | CRITICAL | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue aff | EPSS 0.6%