CWE-434 type flaws

2,804 results
CVE-2026-45053 [CRITICAL] CubeCart: Authenticated Arbitrary File Upload to RCE in REST Files API (EPSS 0.6%)
CVE-2024-11211 [MEDIUM] EyouCMS Website Logo unrestricted upload (EPSS 0.6%)
CVE-2025-12974 [HIGH] Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload (EPSS 0.6%)
CVE-2023-46149 [CRITICAL] WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Arbitrary File Upload (EPSS 0.6%)
CVE-2024-35079 [CRITICAL] An arbitrary file upload vulnerability in the uploadAudio method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading (EPSS 0.6%)
CVE-2024-35080 [CRITICAL] An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a craft (EPSS 0.6%)
CVE-2025-1818 [MEDIUM] zj1983 zz ZfileAction.upload unrestricted upload (EPSS 0.6%)
CVE-2025-7065 [CRITICAL] Remote Code Execution via Unrestricted File Upload in PAD CMS (EPSS 0.6%)
CVE-2025-7063 [CRITICAL] Remote Code Execution via Unrestricted File Upload in PAD CMS (EPSS 0.6%)
CVE-2024-33556 [HIGH] WordPress XStore Core plugin <= 5.3.8 - Limited Arbitrary File Upload vulnerability (EPSS 0.6%)
CVE-2025-8323 [HIGH] Ventem|e-School - Arbitrary File Upload (EPSS 0.6%)
CVE-2025-11724 [HIGH] EM Beer Manager <= 3.2.3 - Authenticated (Subscriber+) Arbitrary File Upload (EPSS 0.6%)
CVE-2021-4096 [HIGH] Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload (EPSS 0.6%)
CVE-2024-44220 [MEDIUM] The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. Parsing a maliciously (EPSS 0.6%)
CVE-2025-2494 [HIGH] Unrestricted file upload vulnerability in Softdial Contact Center (EPSS 0.6%)
CVE-2024-0933 [MEDIUM] Niushop B2B2C Upload.php unrestricted upload (EPSS 0.6%)
CVE-2025-6222 [CRITICAL] WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet <= 3.2.6 - Unauthenticated Arbitrary File Upload (EPSS 0.6%)
CVE-2025-10412 [CRITICAL] Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.55 - Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file' (EPSS 0.6%)
CVE-2023-6675 [CRITICAL] Malicious File Upload in National Keep's CyberMath (EPSS 0.6%)
CVE-2024-42767 [HIGH] Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. (EPSS 0.6%)