CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,101 vulnerabilities with CWE-434
CVE-2026-5704 MEDIUM
Tar: tar: hidden file injection via crafted archives
CVSS 5.0
CVE-2026-5576 MEDIUM
SourceCodester/jkev Record Management System Add Employee save_emp.php unrestricted upload
CVSS 4.7
CVE-2026-5573 HIGH
Technostrobe HI-LED-WR120-G2 fs unrestricted upload
CVSS 7.3
CVE-2026-5546 MEDIUM
Campcodes Complete Online Learning Management System Crud_model.php add_lesson unrestricted upload
CVSS 6.3
CVE-2026-5472 MEDIUM
ProjectsAndPrograms School Management System Profile Picture settings.php unrestricted upload
CVSS 6.3
CVE-2026-34735 HIGH
Hytale Modding Vulnerable to Remote Code Execution via File Upload Bypass in `FileController`
CVE-2026-2701 CRITICAL
RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC)
CVSS 9.1
CVE-2026-1879 MEDIUM
Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload
CVSS 6.3
CVE-2026-5261 HIGH
Shandong Hoteam InforCenter PLM BaseHandler.ashx uploadFileToIIS unrestricted upload
CVSS 7.3
CVE-2026-30280 MEDIUM
RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos 1.0.135 - Arbitrary File Overwrite
CVSS 5.3
CVE-2026-5181 MEDIUM
SourceCodester Simple Doctors Appointment System ajax.php unrestricted upload
CVSS 6.3
CVE-2026-5001 HIGH
PromtEngineer localGPT server.py do_POST unrestricted upload
CVSS 7.3
CVE-2026-25099 HIGH
Remote Code Execution via Unrestricted File Upload in Bludit
CVSS 8.8
CVE-2026-33687 HIGH
Sharp has Unrestricted File Upload via Client-Controlled Validation Rules
CVSS 8.8
CVE-2026-4875 MEDIUM
itsourcecode Free Hotel Reservation System index.php unrestricted upload
CVSS 4.7
CVE-2026-4809 CRITICAL
Unsafe Client MIME Type Handling Can Enable Arbitrary File Upload in plank/laravel-mediable
CVSS 9.8
CVE-2026-4830 MEDIUM
kalcaddle kodbox Public Share userShare.class.php add privilege escalation
CVSS 5.6
CVE-2026-33809 MEDIUM
OOM from malicious IFD offset in golang.org/x/image/tiff
CVSS 5.3
CVE-2026-32536 CRITICAL
WordPress Green Downloads plugin <= 2.08 - Arbitrary File Upload vulnerability
CVSS 9.9
CVE-2026-32524 CRITICAL
WordPress Photo Engine plugin <= 6.4.9 - Arbitrary File Upload vulnerability
CVSS 9.1
CVE-2026-32523 CRITICAL
WordPress WPJAM Basic plugin <= 6.9.2 - Arbitrary File Upload vulnerability
CVSS 9.9
CVE-2026-32482 CRITICAL
WordPress Ona theme < 1.24 - Arbitrary File Upload vulnerability
CVSS 9.9
CVE-2026-25413 CRITICAL
WordPress WPBookit Pro plugin <= 1.6.18 - Arbitrary File Upload vulnerability
CVSS 9.9
CVE-2026-23636 MEDIUM
Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerous Type
CVSS 5.5
CVE-2026-3533 HIGH
Jupiter X Core Plugin for WordPress <=4.14.1 - RCE
CVSS 8.8