CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,101 vulnerabilities with CWE-434
CVE-2026-7696
MEDIUM
Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform uploadH5Files unrestricted upload
CVSS 6.3
CVE-2026-7673
MEDIUM
crmeb_java Admin Upload UploadServiceImpl.java unrestricted upload
CVSS 4.7
CVE-2026-7490
HIGH
Sunnet|CTMS and CPAS - Arbitrary File Upload
CVSS 7.2
CVE-2026-4882
CRITICAL
User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2026-7578
MEDIUM
MacCMS Pro Plugin Installation add.html install unrestricted upload
CVSS 4.7
CVE-2026-7393
MEDIUM
SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload
CVSS 4.7
CVE-2026-38991
HIGH
Cockpit <=2.13.5 - Authenticated RCE
CVSS 8.8
CVE-2026-7238
MEDIUM
code-projects Online Music Site AdminUpdateAlbum.php unrestricted upload
CVSS 4.7
CVE-2026-7134
MEDIUM
code-projects Online Lot Reservation System edithousepic.php unrestricted upload
CVSS 4.7
CVE-2026-7133
MEDIUM
code-projects Online Lot Reservation System activity.php unrestricted upload
CVSS 4.7
CVE-2026-7107
MEDIUM
code-projects Invoice System in Laravel company unrestricted upload
CVSS 6.3
CVE-2026-7044
MEDIUM
GreenCMS index.php themeadd unrestricted upload
CVSS 6.3
CVE-2026-7043
MEDIUM
GreenCMS index.php pluginAddLocal unrestricted upload
CVSS 6.3
CVE-2026-5364
HIGH
Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass
CVSS 8.1
CVE-2026-41269
HIGH
Flowise: File Upload Validation Bypass in createAttachment
CVSS 7.1
CVE-2026-6885
CRITICAL
BorG Technology Corporation|Borg SPM 2007 - Arbitrary File Upload
CVSS 9.8
CVE-2026-3844
CRITICAL
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
CVSS 9.8
CVE-2026-6835
MEDIUM
aEnrich|a+HCM - Arbitrary File Upload
CVSS 6.1
CVE-2026-37748
HIGH
Visitor Management System 1.0 - Remote Code Execution
CVSS 7.2
CVE-2026-6257
CRITICAL
Vvveb CMS v1.0.8 Remote Code Execution via Media Management
CVSS 9.1
CVE-2026-6249
HIGH
Vvveb CMS 1.0.8 Remote Code Execution via Media Upload
CVSS 8.8
CVE-2026-40488
HIGH
OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution
CVSS 8.8
CVE-2026-6650
MEDIUM
Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload
CVSS 4.7
CVE-2026-3219
MEDIUM
pip doesn't reject concatenated ZIP and tar archives
CVE-2026-6602
HIGH
rickxy Hospital Management System his_admin_account.php unrestricted upload
CVSS 7.3
Details
Vulnerabilities: 4,101
Exploit Likelihood: Medium