Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-434 Clear
ID Title
CVE-2026-58654 Unrestricted File Upload in path-traversal (CVE-2026-58654)
vulnerability in path-traversal (CVE-2026-58654). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.1` or later.
CVE-2026-58480 Unrestricted File Upload in wordpress (CVE-2026-58480)
vulnerability in wordpress (CVE-2026-58480). Successful exploitation can lead to full system takeover.
CVE-2026-14489 Unrestricted File Upload in wordpress (CVE-2026-14489)
vulnerability in wordpress (CVE-2026-14489). Successful exploitation can lead to full system takeover.
CVE-2026-14158 Unrestricted File Upload in wordpress (CVE-2026-14158)
vulnerability in wordpress (CVE-2026-14158). Successful exploitation can lead to full system takeover.
CVE-2026-55633 Unrestricted File Upload in CVE-2026-55633 (CVE-2026-55633)
vulnerability in CVE-2026-55633 (CVE-2026-55633). Risk of unauthorized operations or information disclosure.
CVE-2026-23698 Unrestricted File Upload in apache (CVE-2026-23698)
vulnerability in apache (CVE-2026-23698). Successful exploitation can lead to full system takeover.
CVE-2026-23697 Unrestricted File Upload in apache (CVE-2026-23697)
vulnerability in apache (CVE-2026-23697). Successful exploitation can lead to full system takeover.
CVE-2026-14345 Unrestricted File Upload in wordpress (CVE-2026-14345)
vulnerability in wordpress (CVE-2026-14345). Successful exploitation can lead to full system takeover.
CVE-2026-42145 Unrestricted File Upload in CVE-2026-42145 (CVE-2026-42145)
vulnerability in CVE-2026-42145 (CVE-2026-42145). Risk of unauthorized operations or information disclosure.
CVE-2026-9182 Unrestricted File Upload in esri (CVE-2026-9182)
vulnerability in esri (CVE-2026-9182). Successful exploitation can lead to full system takeover.
CVE-2026-24014 Vulnerability in apache (CVE-2026-24014)
vulnerability in apache (CVE-2026-24014). Successful exploitation can lead to full system takeover.
CVE-2026-14775 Vulnerability in CVE-2026-14775 (CVE-2026-14775)
vulnerability in CVE-2026-14775 (CVE-2026-14775). Risk of unauthorized operations or information disclosure.
CVE-2026-14776 Vulnerability in c (CVE-2026-14776)
vulnerability in c (CVE-2026-14776). Risk of unauthorized operations or information disclosure.
CVE-2026-14777 Vulnerability in CVE-2026-14777 (CVE-2026-14777)
vulnerability in CVE-2026-14777 (CVE-2026-14777). Risk of unauthorized operations or information disclosure.
CVE-2026-14736 Vulnerability in CVE-2026-14736 (CVE-2026-14736)
vulnerability in CVE-2026-14736 (CVE-2026-14736). Risk of unauthorized operations or information disclosure.
CVE-2026-14698 Vulnerability in CVE-2026-14698 (CVE-2026-14698)
vulnerability in CVE-2026-14698 (CVE-2026-14698). Risk of unauthorized operations or information disclosure.
CVE-2024-14037 Unrestricted File Upload in CVE-2024-14037 (CVE-2024-14037)
vulnerability in CVE-2024-14037 (CVE-2024-14037). Successful exploitation can lead to full system takeover.
CVE-2022-50973 Unrestricted File Upload in CVE-2022-50973 (CVE-2022-50973)
vulnerability in CVE-2022-50973 (CVE-2022-50973). Successful exploitation can lead to full system takeover.
CVE-2026-5524 Unrestricted File Upload in wordpress (CVE-2026-5524)
vulnerability in wordpress (CVE-2026-5524). Successful exploitation can lead to full system takeover.
CVE-2026-27419 Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.
Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.
CVE-2026-53909 Unrestricted File Upload in mycomplianceoffice (CVE-2026-53909)
vulnerability in mycomplianceoffice (CVE-2026-53909). Data can be tampered with by attackers.
CVE-2026-48283 Unrestricted File Upload in adobe (CVE-2026-48283)
vulnerability in adobe (CVE-2026-48283). Successful exploitation can lead to full system takeover.
CVE-2026-48276 Unrestricted File Upload in adobe (CVE-2026-48276)
vulnerability in adobe (CVE-2026-48276). Successful exploitation can lead to full system takeover.
CVE-2026-53691 Unrestricted File Upload in CVE-2026-53691 (CVE-2026-53691)
vulnerability in CVE-2026-53691 (CVE-2026-53691). Risk of unauthorized operations or information disclosure.
CVE-2025-24815 Unrestricted File Upload in CVE-2025-24815 (CVE-2025-24815)
vulnerability in CVE-2025-24815 (CVE-2025-24815). Successful exploitation can lead to full system takeover.
CVE-2026-56290 KEV [KEV] Unrestricted File Upload in Joomlack page-builder-ck (CVE-2026-56290)
vulnerability in Joomlack page-builder-ck (CVE-2026-56290). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-13165 Unrestricted File Upload in CVE-2026-13165 (CVE-2026-13165)
vulnerability in CVE-2026-13165 (CVE-2026-13165). Risk of unauthorized operations or information disclosure.
CVE-2026-13553 Vulnerability in CVE-2026-13553 (CVE-2026-13553)
vulnerability in CVE-2026-13553 (CVE-2026-13553). Risk of unauthorized operations or information disclosure.
CVE-2026-13547 Vulnerability in CVE-2026-13547 (CVE-2026-13547)
vulnerability in CVE-2026-13547 (CVE-2026-13547). Risk of unauthorized operations or information disclosure.
CVE-2026-56414 Unrestricted File Upload in CVE-2026-56414 (CVE-2026-56414)
vulnerability in CVE-2026-56414 (CVE-2026-56414). Successful exploitation can lead to full system takeover.
CVE-2026-33560 Unrestricted File Upload in daktronics (CVE-2026-33560)
vulnerability in daktronics (CVE-2026-33560). Data can be tampered with by attackers.
CVE-2026-57658 Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
CVE-2026-56059 Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.
Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.
CVE-2026-56058 Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions.
Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions.
CVE-2026-56027 Customer Arbitrary File Upload in Booster for WooCommerce <= 8.0.1 versions.
Customer Arbitrary File Upload in Booster for WooCommerce <= 8.0.1 versions.
CVE-2026-57700 Unrestricted File Upload in CVE-2026-57700 (CVE-2026-57700)
vulnerability in CVE-2026-57700 (CVE-2026-57700). Successful exploitation can lead to full system takeover.
CVE-2026-48945 Unrestricted File Upload in joomlaworks (CVE-2026-48945)
vulnerability in joomlaworks (CVE-2026-48945). Risk of unauthorized operations or information disclosure.
CVE-2026-48946 Unrestricted File Upload in apache (CVE-2026-48946)
vulnerability in apache (CVE-2026-48946). Risk of unauthorized operations or information disclosure. Exploitable via ``shell.php``.
CVE-2026-53948 Unrestricted File Upload in CVE-2026-53948 (CVE-2026-53948)
vulnerability in CVE-2026-53948 (CVE-2026-53948). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.21.1` or later.
CVE-2026-48939 Unrestricted File Upload in joomlic (CVE-2026-48939)
vulnerability in joomlic (CVE-2026-48939). Successful exploitation can lead to full system takeover.
CVE-2026-48908 KEV [KEV] Unrestricted File Upload in Joomshaper ollyo (CVE-2026-48908)
vulnerability in Joomshaper ollyo (CVE-2026-48908). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2019-25758 Unrestricted File Upload in CVE-2019-25758 (CVE-2019-25758)
vulnerability in CVE-2019-25758 (CVE-2019-25758). Successful exploitation can lead to full system takeover.
CVE-2026-54414 Path Traversal in path-traversal (CVE-2026-54414)
path traversal in path-traversal (CVE-2026-54414). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.16.0` or later.
CVE-2026-9860 Unrestricted File Upload in wordpress (CVE-2026-9860)
vulnerability in wordpress (CVE-2026-9860). Successful exploitation can lead to full system takeover.
CVE-2026-52705 Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
CVE-2026-40749 Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
CVE-2026-40748 Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
CVE-2026-40746 Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
CVE-2026-40747 Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
CVE-2026-39598 Unrestricted File Upload in CVE-2026-39598 (CVE-2026-39598)
vulnerability in CVE-2026-39598 (CVE-2026-39598). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →