CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,101 vulnerabilities with CWE-434
CVE-2026-6596
HIGH
langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload
CVSS 7.3
CVE-2026-6561
MEDIUM
EyouCMS Index.php edit_adminlogo unrestricted upload
CVSS 4.7
CVE-2026-6518
HIGH
Cmp – Coming Soon & Maintenance Plugin BY NiteoThemes < 4.1.16 - Remote Code Execution
CVSS 8.8
CVE-2026-40487
HIGH
Postiz Has Unrestricted File Upload via MIME Type Spoofing that Leads to Stored XSS
CVSS 8.9
CVE-2026-40484
CRITICAL
ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function
CVSS 9.1
CVE-2026-5718
HIGH
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.6 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
CVSS 8.1
CVE-2026-6489
MEDIUM
QueryMine sms Background Management addteacher.php unrestricted upload
CVSS 6.3
CVE-2026-40262
HIGH
Note Mark has Stored XSS via Unrestricted Asset Upload
CVSS 8.7
CVE-2026-33435
HIGH
Weblate: Remote code execution during backup restoration
CVSS 8.0
CVE-2026-1555
CRITICAL
WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2026-38526
CRITICAL
Webkul Krayin CRM 2.2.x - Authenticated RCE
CVSS 9.9
CVE-2026-40040
HIGH
Pachno 1.0.6 Unrestricted File Upload Remote Code Execution
CVSS 8.8
CVE-2026-30804
HIGH
Unrestricted File Upload in Extension Uploader leads to Remote Code Execution
CVSS 7.2
CVE-2026-33704
HIGH
Chamilo LMS Affected by Authenticated Arbitrary File Write via BigUpload endpoint
CVSS 7.1
CVE-2026-32931
HIGH
Chamilo LMS has Arbitrary File Upload via MIME-Only Validation in Exercise Sound Upload Leads to RCE
CVSS 7.5
CVE-2026-2942
CRITICAL
ProSolution WP Client <= 1.9.9 - Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess
CVSS 9.8
CVE-2026-4808
HIGH
Gerador de Certificados – DevApps <= 1.3.6 - Authenticated (Administrator+) Arbitrary File Upload
CVSS 7.2
CVE-2026-3535
CRITICAL
DSGVO Google Web Fonts GDPR <= 1.1 - Unauthenticated Arbitrary File Upload via 'fonturl' Parameter
CVSS 9.8
CVE-2026-33273
HIGH
MATCHA INVOICE <= 2.6.6 - Authenticated Arbitrary File Upload and Remote Code Execution
CVSS 7.2
CVE-2026-35573
CRITICAL
ChurchCRM <6.5.3 Backup Restore - Remote Code Execution
CVSS 9.1
CVE-2026-0740
CRITICAL
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2026-35174
CRITICAL
Chyrp Lite <2026.01 Uploads Path - Remote Code Execution
CVSS 9.1
CVE-2026-35164
HIGH
Brave CMS Affected by Unrestricted File Upload via CKEditor Endpoint
CVSS 8.8
CVE-2026-35047
CRITICAL
Brave CMS has Unrestricted File Upload in BraveCMS via CKEditor Endpoint
CVSS 9.8
CVE-2026-5670
MEDIUM
Cyber-III Student-Management-System upload.php move_uploaded_file unrestricted upload
CVSS 6.3
Details
Vulnerabilities: 4,101
Exploit Likelihood: Medium