CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,102 vulnerabilities with CWE-434
CVE-2026-0911 HIGH
Hustle - Email Marketing - File Upload
CVSS 7.5
CVE-2026-1331 CRITICAL
HAMASTAR MeetingHub - Unauthenticated Web Shell Upload Code Execution
CVSS 9.8
CVE-2026-24034 MEDIUM
horilla < 1.5.0 - Stored Cross-Site Scripting via Profile Photo Upload
CVSS 5.4
CVE-2026-24010 HIGH
horilla < 1.5.0 - Authenticated File Upload via Profile Picture
CVSS 8.0
CVE-2026-23499 MEDIUM
Saleor <3.20.108-3.22.27 - Code Injection
CVSS 5.4
CVE-2026-1222 HIGH
PrismX MX100 AP controller < 1.03.23.01 - Authenticated Arbitrary File Upload
CVSS 7.2
CVE-2026-1152 MEDIUM
technical-laohu mpay < 1.2.4 - Unrestricted File Upload via QR Code Image Handler
CVSS 4.7
CVE-2026-1126 MEDIUM
LWJ Flow - Unrestricted File Upload in SVG File Handler
CVSS 6.3
CVE-2026-1107 MEDIUM
EyouCMS <1.7.1/5.0 - Unrestricted Upload
CVSS 6.3
CVE-2026-1061 MEDIUM
xiweicheng TMS <2.28.0 - Unrestricted Upload
CVSS 6.3
CVE-2026-21625 HIGH
Stackideas Easydiscuss < 5.0.15 - Unrestricted File Upload
CVSS 8.8
CVE-2026-1021 CRITICAL
Gotac Police Statistics Database System < 1.0.2 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2026-0496 MEDIUM
SAP Fiori App Intercompany Balance Reconciliation - File Upload
CVSS 6.6
CVE-2026-22799 HIGH
emlog < 2.6.1 - Authenticated Arbitrary File Upload via REST API Endpoint
CVSS 8.8
CVE-2026-22789 MEDIUM
Wem - Unrestricted File Upload
CVSS 5.4
CVE-2026-22786 HIGH
gin-vue-admin <= 2.8.7 - Path Traversal and Arbitrary File Write via Breakpoint Resume Upload
CVSS 7.2
CVE-2026-22783 CRITICAL
Iris <2.4.24 - Privilege Escalation
CVSS 9.6
CVE-2026-22241 HIGH
Openeclass < 4.1 - Unrestricted File Upload
CVSS 7.2
CVE-2026-21877 CRITICAL
n8n 0.123.0-1.121.2 - Authenticated Remote Code Execution via Git Node
CVSS 9.9
CVE-2026-0643 HIGH
projectworlds House Rental and Property Listing 1.0 - Unrestricted File Upload via Signup Image Parameter
CVSS 7.3
CVE-2026-0577 MEDIUM
Online Product Reservation System 1.0 - Unrestricted File Upload in prod.php
CVSS 6.3
CVE-2026-0566 MEDIUM
code-projects Content Management System 1.0 - Unrestricted File Upload via Image Argument
CVSS 4.7
CVE-2026-0547 MEDIUM
Online Course Registration < 3.1 - Unrestricted File Upload via Student Registration Page
CVSS 6.3
CVE-2025-40808 MEDIUM
Siemens Siprotec 5 6MD84 (CP300) - Unrestricted Upload of File with Dangerous Type
CVSS 6.1
CVE-2025-65416 MEDIUM
docuFORM Managed Print Service Client 11.11c - Arbitrary File Upload
CVSS 6.3