CWE-434
Medium likelihoodUnrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
3,879 vulnerabilities with CWE-434
CVE-2026-3800
MEDIUM
janobe Resort Reservation System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2026-3797
MEDIUM
Tiandy Video Surveillance System 7.17.0 - Unrestricted Upload
CVSS 6.3
CVE-2026-3749
MEDIUM
Bytedesk <=1.3.9 - Unrestricted Upload
CVSS 6.3
CVE-2026-3748
MEDIUM
Bytedesk <=1.3.9 - Unrestricted Upload
CVSS 6.3
CVE-2026-29186
HIGH
Backstage <1.14.3 - Code Injection
CVSS 7.7
CVE-2026-30821
Flowise <3.0.13 - Auth Bypass
CVE-2018-25171
HIGH
EdTv 2 - SQL Injection
CVSS 8.2
CVE-2018-25168
MEDIUM
Precurio Intranet Portal 2.0 - CSRF
CVSS 4.3
CVE-2018-25162
MEDIUM
2-Plan Team 1.0.4 - Authenticated RCE
CVSS 6.5
CVE-2026-28800
MEDIUM
Natro Macro <1.1.0 - Unauthenticated RCE
CVSS 6.4
CVE-2026-27605
MEDIUM
Chartbrew <4.8.4 - XSS
CVSS 6.3
CVE-2026-29041
HIGH
Chamilo <1.11.34 - Authenticated RCE
CVSS 8.8
CVE-2026-28502
WWBN AVideo <24.0 - Authenticated RCE
CVE-2026-21536
CRITICAL
Microsoft Devices Pricing Program - RCE
CVSS 9.8
CVE-2026-3459
HIGH
Drag and Drop Multiple File Upload - Contact Form 7 <=1.3.7.3 - RCE
CVSS 8.1
CVE-2026-21628
File Management Feature - Unauthenticated RCE
CVE-2026-2743
SeppMail <=15.0.2.1 - Path Traversal to RCE
CVE-2026-28133
WP Chill Filr <=1.2.12 - File Upload
CVE-2026-28114
CRITICAL
WooCommerce License Manager <=7.0.6 - RCE
CVSS 9.1
CVE-2026-24960
Charety <2.0.2 - Unrestricted File Upload
CVE-2026-23802
Jordy Meow AI Engine <=3.3.2 - File Upload
CVE-2025-68555
CRITICAL
zozothemes Nutrie <2.0.1 - File Upload
CVSS 9.9
CVE-2025-68554
Keenarch <2.0.1 - File Upload
CVE-2025-68553
CRITICAL
Lendiz <2.0.1 - File Upload
CVSS 9.9
CVE-2026-28289
CRITICAL
FreeScout <=1.8.206 - Authenticated RCE
CVSS 10.0
Details
Vulnerabilities
3,879
Exploit Likelihood
Medium