CWE-434: Unrestricted File Upload

This vulnerability allows unauthenticated attackers to upload arbitrary files to Mozart FM Transmitter devices via the patch_contents.php endpoint. At...

This vulnerability allows unauthenticated attackers to upload arbitrary files to DB Electronica Telecomunicazioni's Mozart FM Transmitter devices via ...

The CIBELES AI WordPress plugin has an unauthenticated arbitrary file upload vulnerability that allows attackers to download GitHub repositories and o...

The ELEX WordPress HelpDesk plugin has a critical vulnerability allowing unauthenticated attackers to upload arbitrary files due to missing file type ...

This critical vulnerability allows unauthenticated remote attackers to upload arbitrary files and execute code as SYSTEM on AudioCodes Fax Server and ...

AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23 expose an unauthenticated backup upload endpoint that allows remote attac...

The WavePlayer WordPress plugin before version 3.8.0 contains an unauthenticated arbitrary file upload vulnerability that leads to remote code executi...

The Mozart FM Transmitter web management interface contains an unauthenticated file upload vulnerability that allows attackers to upload malicious fil...

An arbitrary file upload vulnerability in RichFilemanager v2.7.6 allows attackers to upload malicious files to the server, potentially leading to remo...

DzzOffice v2.3.7 and earlier contains an arbitrary file upload vulnerability in the UEditor component that allows attackers to upload malicious files ...

This vulnerability allows unauthenticated attackers to upload dangerous files (like webshells) to WinPlus Portal servers via a specific API endpoint. ...

The WP移行専用プラグイン for CPI WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validat...

CVE-2021-4462 is an unrestricted file upload vulnerability in Employee Records System version 1.0 that allows remote unauthenticated attackers to uplo...

CVE-2025-34299 is an unauthenticated arbitrary file upload vulnerability in Monsta FTP versions 2.11 and earlier. Attackers can exploit this by connec...

The Gravity Forms WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation in the copy_post_ima...

This critical vulnerability in Cisco Unified CCX allows unauthenticated remote attackers to upload arbitrary files and execute commands with root priv...

The KiotViet Sync WordPress plugin allows unauthenticated attackers to upload arbitrary files to affected servers due to missing file type validation....

The Easy Upload Files During Checkout WordPress plugin allows unauthenticated attackers to upload arbitrary JavaScript files due to missing file type ...

The WooCommerce Designer Pro plugin for WordPress has an unauthenticated arbitrary file upload vulnerability that allows attackers to upload malicious...

CVE-2025-11948 is an unauthenticated arbitrary file upload vulnerability in Excellent Infotek's Document Management System. Attackers can upload malic...

The PPOM – Product Addons & Custom Fields for WooCommerce WordPress plugin has an arbitrary file upload vulnerability in its image cropper functiona...

Hikvision iSecure Center software has an improper file upload vulnerability that allows attackers to upload malicious files to the server due to insuf...

The Flex QR Code Generator WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulne...

The Ovatheme Events Manager WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vuln...

CVE-2025-8120 is an unauthenticated remote code execution vulnerability in PAD CMS's photo upload functionality. An attacker can upload arbitrary file...

CVE-2025-7063 is an unauthenticated remote code execution vulnerability in PAD CMS's file upload functionality. Attackers can upload arbitrary files w...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress servers running the Uni CPO plugin. Attackers can potential...

This vulnerability allows remote code execution on Windows systems running vulnerable versions of Vasion Print (formerly PrinterLogic). Attackers can ...

The Doccure WordPress theme allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulnerability affects...

This vulnerability allows remote attackers to upload malicious files to SUNNET Corporate Training Management System, potentially leading to arbitrary ...

This critical vulnerability in SS1 Ver.16.0.0.10 and earlier allows remote unauthenticated attackers to upload arbitrary files and execute operating s...

This vulnerability allows authenticated attackers to upload malicious files containing PHP code to Badaso CMS, bypassing content-type validation. When...

This vulnerability allows attackers to upload unrestricted files through Liferay's style books component, which are then processed within the environm...

The StoryChief WordPress plugin has an unauthenticated arbitrary file upload vulnerability in its REST API endpoint. Attackers can upload malicious fi...

The Bit Form builder plugin for WordPress allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This affects...

This vulnerability allows attackers to upload malicious Lua script files to affected SATO CL4/6NX Plus printers and execute them with root privileges....

CVE-2025-52239 is an arbitrary file upload vulnerability in ZKEACMS v4.1 that allows attackers to upload malicious files and execute arbitrary code on...

CVE-2013-10040 is an unauthenticated arbitrary file upload vulnerability in ClipBucket versions 2.6 and earlier. Attackers can upload PHP scripts via ...

The Ebook Store WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulnerability af...

This vulnerability allows attackers to upload malicious files to Samsung MagicINFO 9 Server, leading to code injection and potential remote code execu...

This vulnerability allows attackers to upload malicious files to Samsung MagicINFO 9 Server, which can lead to remote code execution. It affects all M...

This vulnerability allows attackers to upload malicious files to Samsung MagicINFO 9 Server, leading to code injection and potential remote code execu...

This vulnerability allows attackers to upload malicious files to Samsung MagicINFO 9 Server, which can lead to code execution on the server. It affect...

The FoxyPress WordPress plugin versions up to 0.4.2.1 allow unauthenticated attackers to upload arbitrary files due to missing file type validation in...

This vulnerability allows attackers to upload malicious scripts with non-.php extensions that the Netgear RAX30 router's PHP-FPM configuration incorre...

The Work The Flow File Upload WordPress plugin has an unauthenticated arbitrary file upload vulnerability due to missing file type validation. This al...

The WPshop 2 E-Commerce plugin for WordPress versions before 1.3.9.6 allows unauthenticated attackers to upload arbitrary files due to missing file ty...

The WP Mobile Detector WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation in the resize.p...

The Front End Editor WordPress plugin before version 2.3 allows unauthenticated attackers to upload arbitrary files due to missing file type validatio...

An arbitrary file upload vulnerability in Filemanager v2.3.0 allows attackers to upload malicious PHP files by bypassing the is_allowed_file_type() fu...