Falhas do tipo CWE-434

2.804 resultados
CVE-2026-10071CRITICALInterinfo|DreamMaker - Arbitrary File UploadEPSS 0.5%CVE-2024-6948MEDIUMGargaj wuhu Slide Editor slideeditor.php unrestricted uploadEPSS 0.5%CVE-2025-15226CRITICALSunnet|WMPro - Arbitrary File UploadEPSS 0.5%CVE-2020-7847HIGHThe ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain EPSS 0.5%CVE-2024-9036MEDIUMitsourcecode Online Bookstore admin_add.php unrestricted uploadEPSS 0.5%CVE-2025-50002CRITICALWordPress Energia theme <= 1.1.2 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2024-10413MEDIUMSourceCodester Online Hotel Reservation System update.php upload unrestricted uploadEPSS 0.5%CVE-2025-0335MEDIUMcode-projects Online Bike Rental System Change Image unrestricted uploadEPSS 0.5%CVE-2026-33687HIGHSharp has Unrestricted File Upload via Client-Controlled Validation RulesEPSS 0.5%CVE-2024-50511CRITICALWordPress WP donimedia carousel plugin <= 1.0.1 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2024-51919CRITICALWordPress Fancy Product Designer plugin <= 6.4.3 - Unauthenticated Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2024-43243CRITICALWordPress JobBoard Job listing plugin <= 1.2.6 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2025-3123MEDIUMWonderCMS Theme Installation/Plugin Installation installUpdateModuleAction unrestricted uploadEPSS 0.5%CVE-2025-46099HIGHIn Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it vEPSS 0.5%CVE-2025-13062HIGHSupreme Modules Lite <= 2.5.62 - Authenticated (Author+) Arbitrary File Upload via JSON Upload BypassEPSS 0.5%CVE-2021-39221MEDIUMXSS in ContactsEPSS 0.5%CVE-2025-67288CRITICALAn arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOEPSS 0.5%CVE-2025-2035MEDIUMs-a-zhd Ecommerce-Website-using-PHP customer_register.php unrestricted uploadEPSS 0.5%CVE-2025-34336MEDIUMeGovFramework <= 4.3.1 Unauthenticated File Upload via Web Editor Image Upload EndpointsEPSS 0.5%CVE-2024-8338MEDIUMHFO4 shudong-share File Extension fileReceive.php unrestricted uploadEPSS 0.5%