CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,100 vulnerabilities with CWE-434
CVE-2026-10807 MEDIUM
mjperpinosa stumasy change_profile_image.php unrestricted upload
CVSS 6.3
CVE-2026-10806 MEDIUM
mjperpinosa stumasy add_post.php unrestricted upload
CVSS 6.3
CVE-2026-40548 MEDIUM
Unrestricted Upload of File with Dangerous Type in SOPlanning
CVE-2026-10205 MEDIUM
Metasoft 美特软件 MetaCRM upload.jsp unrestricted upload
CVSS 6.3
CVE-2026-10172 MEDIUM
Bdtask Multi-Store Inventory Management System Component Module.php upload unrestricted upload
CVSS 6.3
CVE-2026-39292 HIGH
Falco Solutions PHPPageBuilder 0.31.0 - Unauthenticated Remote Code Execution via Unrestricted File Upload
CVSS 7.3
CVE-2026-10072 HIGH
Interinfo|DreamMaker - Arbitrary File Upload
CVSS 7.2
CVE-2026-10071 CRITICAL
Interinfo|DreamMaker - Arbitrary File Upload
CVSS 9.8
CVE-2026-30761 HIGH
SourceBans Material Admin 1.1.6 - Arbitrary File Upload and Remote Code Execution via Admin Upload Map Image
CVSS 7.3
CVE-2026-9227 HIGH
GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter
CVSS 8.8
CVE-2026-9009 HIGH
Crawlomatic Multipage Scraper Post Generator <= 2.7.2 - Authenticated (Author+) Remote Code Execution via 'callback_raw' Shortcode Attribute
CVSS 8.8
CVE-2026-42879 MEDIUM
FacturaScripts: Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images
CVSS 6.3
CVE-2026-46426 HIGH
Budibase: Unrestricted Upload of File with Dangerous Type
CVSS 7.6
CVE-2026-45089 HIGH
Dalfox: Unauthenticated Arbitrary File Create/Append via `output` Option in Dalfox Server Mode
CVSS 8.2
CVE-2026-42748 CRITICAL
WordPress WPify Woo Czech plugin <= 5.4.1 - Arbitrary File Upload vulnerability
CVSS 9.9
CVE-2026-9445 MEDIUM
SourceCodester Simple POS and Inventory System File Extension addproduct.php unrestricted upload
CVSS 6.3
CVE-2026-9421 HIGH
KLiK SocialMediaWebsite File upload.inc.php uniqid unrestricted upload
CVSS 7.3
CVE-2026-9374 MEDIUM
yangzongzhuan RuoYi-Vue Common Upload Endpoint upload FileUploadUtils.upload unrestricted upload
CVSS 6.3
CVE-2026-40412 CRITICAL
Azure Orbital Spatio Remote Code Execution Vulnerability
CVSS 10.0
CVE-2026-9053 MEDIUM
9front - Arbitrary File Overwrite via HTML File Upload Form Default Path
CVE-2026-6960 CRITICAL
BookingPress Pro <= 5.6 - Unauthenticated Arbitrary File Upload via Signature Custom Field
CVSS 9.8
CVE-2026-8134 HIGH
Concrete CMS 9.5.0 and below is vulnerable to Authenticated RCE via Composer customTemplate Path Traversal leading to PHP File Inclusion
CVSS 7.2
CVE-2026-9157 HIGH
Remote Code Execution in Gmission Web FAX
CVSS 8.4
CVE-2026-9102 CRITICAL
Path Traversal in Altium Enterprise Server ComparisonService Allows Arbitrary File Write
CVE-2026-45444 CRITICAL
WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability
CVSS 10.0