CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,009 vulnerabilities with CWE-434
CVE-2026-28800 MEDIUM
Natro Macro <1.1.0 - Unauthenticated RCE
CVSS 6.4
CVE-2026-27605 MEDIUM
Chartbrew <4.8.4 - XSS
CVSS 6.3
CVE-2026-29041 HIGH
Chamilo <1.11.34 - Authenticated RCE
CVSS 8.8
CVE-2026-28502 HIGH
WWBN AVideo <24.0 - Authenticated RCE
CVSS 8.8
CVE-2026-21536 CRITICAL
Microsoft Devices Pricing Program - RCE
CVSS 9.8
CVE-2026-3459 HIGH
Drag and Drop Multiple File Upload - Contact Form 7 <=1.3.7.3 - RCE
CVSS 8.1
CVE-2026-21628 CRITICAL
File Management Feature - Unauthenticated RCE
CVSS 9.8
CVE-2026-2743 CRITICAL
SeppMail <=15.0.2.1 - Path Traversal to RCE
CVSS 9.8
CVE-2026-28133 HIGH
WP Chill Filr <=1.2.12 - File Upload
CVSS 8.5
CVE-2026-28114 CRITICAL
WooCommerce License Manager <=7.0.6 - RCE
CVSS 9.1
CVE-2026-24960 CRITICAL
Charety <2.0.2 - Unrestricted File Upload
CVSS 9.9
CVE-2026-23802 CRITICAL
Jordy Meow AI Engine <=3.3.2 - File Upload
CVSS 9.1
CVE-2026-28289 CRITICAL
FreeScout <=1.8.206 - Authenticated RCE
CVSS 10.0
CVE-2026-2269 HIGH
Uncanny Automator Plugin <7.0.0.3 - SSRF
CVSS 7.2
CVE-2026-28270 MEDIUM
Kiteworks <9.2.0 - Arbitrary File Upload
CVSS 4.9
CVE-2026-27947 HIGH
Group-Office <26.0.9 - Authenticated RCE
CVSS 8.8
CVE-2026-28274 HIGH
Initiative <0.32.4 - Stored XSS
CVSS 8.7
CVE-2026-1565 HIGH
User Frontend WordPress Plugin <=4.2.8 - File Upload
CVSS 8.8
CVE-2026-26984 HIGH
LORIS <28.0.0 - Path Traversal to RCE
CVSS 8.8
CVE-2026-3187 MEDIUM
feiyuchuixue sz-boot-parent <=1.3.2-beta - Unrestricted Upload
CVSS 6.3
CVE-2026-27636 HIGH
FreeScout <1.8.206 - RCE
CVSS 8.8
CVE-2026-22766 HIGH
Dell Wyse Management Suite <5.5 - RCE
CVSS 7.2
CVE-2026-3025 HIGH
ShuoRen Smart Heating 1.0.0 - Unrestricted Upload
CVSS 7.3
CVE-2026-25648 HIGH
Traccar 6.11.1+ - XSS
CVSS 8.7
CVE-2026-2979 MEDIUM
FastApiAdmin <2.2.0 - Unrestricted Upload
CVSS 6.3