Falhas do tipo CWE-434

2.804 resultados
CVE-2023-7036MEDIUMautomad Content Type FileCollectionController.php upload unrestricted uploadEPSS 0.6%CVE-2023-6675CRITICALMalicious File Upload in National Keep's CyberMathEPSS 0.6%CVE-2026-2942CRITICALProSolution WP Client <= 1.9.9 - Unauthenticated Arbitrary File Upload via proSol_fileUploadProcessEPSS 0.6%CVE-2026-9860HIGHOffload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX ActionEPSS 0.6%CVE-2022-2750MEDIUMSourceCodester Company Website CMS Add Service add-service.php unrestricted uploadEPSS 0.6%CVE-2022-2751MEDIUMSourceCodester Company Website CMS add-portfolio.php unrestricted uploadEPSS 0.6%CVE-2022-2736MEDIUMSourceCodester Company Website CMS Background Upload Logo Icon updatelogo.php unrestricted uploadEPSS 0.6%CVE-2025-32957HIGHbaserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)EPSS 0.6%CVE-2022-2740MEDIUMSourceCodester Company Website CMS Add Blog add-blog.php unrestricted uploadEPSS 0.6%CVE-2021-47965CRITICALWordPress Plugin WP Super Edit 2.5.4 Unrestricted File UploadEPSS 0.6%CVE-2024-5911HIGHPAN-OS: File Upload Vulnerability in the Panorama Web InterfaceEPSS 0.6%CVE-2025-3040MEDIUMProject Worlds Online Time Table Generator add_student.php unrestricted uploadEPSS 0.6%CVE-2025-12399HIGHAlex Reservations: Smart Restaurant Booking <= 2.2.3 - Authenticated (Admin+) Arbitrary File UploadEPSS 0.6%CVE-2024-12700HIGHTibbo AggreGate Network Manager Unrestricted Upload of File with Dangerous TypeEPSS 0.6%CVE-2026-26746HIGHOpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An attacker can read arbitrEPSS 0.6%CVE-2023-50717MEDIUMNocoDB Allows Preview of File with Dangerous ContentEPSS 0.6%CVE-2025-12528HIGHPie Forms for WP <= 1.6 - Unauthenticated Arbitrary File UploadEPSS 0.6%CVE-2024-22550MEDIUMAn arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code EPSS 0.6%CVE-2025-9113CRITICALDoccure Core <= 1.5.3 - Unauthenticated Arbitrary File UploadEPSS 0.6%CVE-2023-41812MEDIUMUploading executables via the file managerEPSS 0.6%