CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,102 vulnerabilities with CWE-434
CVE-2026-3797
MEDIUM
Tiandy Video Surveillance System 7.17.0 - Unrestricted Upload
CVSS 6.3
CVE-2026-3749
MEDIUM
Bytedesk <=1.3.9 - Unrestricted Upload
CVSS 6.3
CVE-2026-3748
MEDIUM
Bytedesk <=1.3.9 - Unrestricted Upload
CVSS 6.3
CVE-2026-29186
HIGH
Backstage plugin-techdocs-node < 1.14.3 - Arbitrary Code Execution via MkDocs Configuration Bypass
CVSS 7.7
CVE-2026-30821
CRITICAL
Flowise < 3.0.13 - Unauthenticated Unrestricted Upload of File with Dangerous Type via Spoofed Content-Type
CVSS 9.8
CVE-2026-28800
MEDIUM
Natro Macro <1.1.0 - Unauthenticated RCE
CVSS 6.4
CVE-2026-27605
MEDIUM
Chartbrew < 4.8.4 - Unauthenticated Arbitrary File Upload and Stored Cross-Site Scripting via Project Logo Upload
CVSS 6.3
CVE-2026-29041
HIGH
Chamilo <1.11.34 - Authenticated RCE
CVSS 8.8
CVE-2026-28502
HIGH
WWBN AVideo <24.0 - Authenticated RCE
CVSS 8.8
CVE-2026-21536
CRITICAL
Microsoft Devices Pricing Program - RCE
CVSS 9.8
CVE-2026-3459
HIGH
Drag and Drop Multiple File Upload - Contact Form 7 <=1.3.7.3 - RCE
CVSS 8.1
CVE-2026-21628
CRITICAL
File Management Feature - Unauthenticated RCE
CVSS 9.8
CVE-2026-2743
CRITICAL
SeppMail <=15.0.2.1 - Path Traversal to RCE
CVSS 9.8
CVE-2026-28133
HIGH
WP Chill Filr <=1.2.12 - File Upload
CVSS 8.5
CVE-2026-28114
CRITICAL
WooCommerce License Manager <=7.0.6 - RCE
CVSS 9.1
CVE-2026-24960
CRITICAL
Charety <2.0.2 - Unrestricted File Upload
CVSS 9.9
CVE-2026-23802
CRITICAL
Jordy Meow AI Engine <=3.3.2 - File Upload
CVSS 9.1
CVE-2026-28289
CRITICAL
FreeScout <=1.8.206 - Authenticated RCE
CVSS 10.0
CVE-2026-2269
HIGH
Uncanny Automator Plugin <7.0.0.3 - SSRF
CVSS 7.2
CVE-2026-28270
MEDIUM
Kiteworks <9.2.0 - Arbitrary File Upload
CVSS 4.9
CVE-2026-27947
HIGH
Group-Office <26.0.9 - Authenticated RCE
CVSS 8.8
CVE-2026-28274
HIGH
Initiative < 0.32.4 - Stored Cross-Site Scripting via HTML Document Upload
CVSS 8.7
CVE-2026-1565
HIGH
User Frontend WordPress Plugin <=4.2.8 - File Upload
CVSS 8.8
CVE-2026-26984
HIGH
LORIS <28.0.0 - Path Traversal to RCE
CVSS 8.8
CVE-2026-3187
MEDIUM
feiyuchuixue sz-boot-parent <=1.3.2-beta - Unrestricted Upload
CVSS 6.3
Details
Vulnerabilities: 4,102
Exploit Likelihood: Medium