CWE-434: Unrestricted File Upload

This CVE describes a patch bypass vulnerability in FreeScout help desk software that allows authenticated users with file upload permissions to achiev...

A critical file upload vulnerability in TMS Global Software TMS Management Console allows remote attackers to upload malicious files through the Logo ...

This critical vulnerability allows unauthenticated attackers to upload arbitrary files to any location on vulnerable SmarterMail servers, potentially ...

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to upload malicious PDF files that can lead to remote code execution. T...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WooCommerce websites using the affected plugin. Attackers can ...

This vulnerability allows attackers to upload malicious files to WooCommerce sites using the Helpdesk Support Ticket System plugin. Attackers can uplo...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable Drop Uploader for CF7...

This vulnerability allows unauthenticated attackers to upload and overwrite files in DNN CMS systems. It enables website defacement and can be combine...

This vulnerability allows attackers to upload arbitrary files, including web shells, to servers running the vulnerable Wastia WordPress theme. Attacke...

This vulnerability allows attackers to upload malicious files to websites using the Clanora WordPress theme, potentially leading to complete system co...

This vulnerability allows attackers to upload arbitrary files, including web shells, to servers running vulnerable versions of the WooCommerce Designe...

This critical vulnerability in Inka.Net allows attackers to upload malicious files and execute arbitrary commands on the server. It affects all Talent...

This vulnerability allows attackers to upload arbitrary files, including web shells, to websites using the Drag and Drop File Upload for Elementor For...

This vulnerability allows attackers to upload malicious files to WordPress sites using the StoreKeeper for WooCommerce plugin. Any WordPress site with...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WooCommerce websites using the Medical Prescription Attachment...

This vulnerability allows attackers to upload malicious files to WordPress sites running FW Gallery plugin. Attackers can upload dangerous file types ...

This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, to WordPress sites using the Drag and Drop Multip...

This vulnerability allows attackers to upload arbitrary files including web shells to WordPress sites using the vulnerable Reformer for Elementor plug...

This critical vulnerability in the NasaTheme Flozen WordPress theme allows attackers to upload arbitrary files, including web shells, to the web serve...

This vulnerability allows attackers to upload malicious files to WordPress sites running the SUMO Affiliates Pro plugin. Attackers can exploit this to...

This vulnerability allows attackers to upload arbitrary files, including web shells, to the Hospital Management System web server. This affects all ve...

CVE-2025-31324 is an unauthenticated remote code execution vulnerability in SAP NetWeaver Visual Composer Metadata Uploader that allows attackers to u...

This critical vulnerability in the EPC AI Hub WordPress plugin allows attackers to upload arbitrary files, including web shells, to the web server. An...

This vulnerability allows attackers to upload malicious files to WordPress sites using the Simplified plugin. It affects all WordPress installations r...

This vulnerability allows attackers to upload arbitrary files, including web shells, to web servers running the Innovative Solutions user files WordPr...

This vulnerability allows attackers to upload arbitrary files, including web shells, to servers running the vulnerable 4ECPS Web Forms WordPress plugi...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable JobBoard Job Listing ...

CVE-2024-56064 is an unauthenticated arbitrary file upload vulnerability in the WP SuperBackup WordPress plugin. Attackers can upload malicious files ...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites using the Pie Register Premium plugin. Attackers can ...

CVE-2024-54214 is an unauthenticated arbitrary file upload vulnerability in the WordPress Revy plugin. Attackers can upload malicious files (including...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Fediverse Embeds plugin. Attacke...

This vulnerability allows attackers to upload arbitrary files, including web shells, to Pathomation servers due to insufficient file type validation. ...

This vulnerability allows attackers to upload arbitrary files, including web shells, to servers running the kineticPay for WooCommerce plugin. Attacke...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable Boat Rental Plugin. A...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the DoThatTask plugin. Attackers can...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Easy CSV Importer BETA plugin. A...

This vulnerability allows attackers to upload arbitrary files, including web shells, to servers running the vulnerable Audio Record WordPress plugin. ...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the HB AUDIO GALLERY plugin. Attacke...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Novel Design Store Directory plu...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites running the RSVPMaker for Toastmasters plugin....

This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable Multi...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the All Post Contact Form plugin. At...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the AR For Woocommerce plugin. Attac...

This vulnerability allows attackers to upload arbitrary files, including web shells, to web servers running the vulnerable aDirectory WordPress plugin...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Multi Purpose Mail Form plugin. ...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable Sudan Payment Gateway...

This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable Plugi...

This vulnerability allows attackers to upload arbitrary files, including web shells, to web servers running the vulnerable photokit WordPress plugin. ...

This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, to WordPress servers running the Nice Backgrounds...

This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable Woost...