CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,102 vulnerabilities with CWE-434
CVE-2026-27636 HIGH
FreeScout < 1.8.206 - Authenticated Remote Code Execution via .htaccess Upload
CVSS 8.8
CVE-2026-22766 HIGH
Dell Wyse Management Suite <5.5 - RCE
CVSS 7.2
CVE-2026-3025 HIGH
ShuoRen Smart Heating 1.0.0 - Unrestricted Upload
CVSS 7.3
CVE-2026-25648 HIGH
Traccar >= 6.11.1 - Authenticated Stored Cross-Site Scripting via SVG Device Image Upload
CVSS 8.7
CVE-2026-2979 MEDIUM
FastApiAdmin <2.2.0 - Unrestricted Upload
CVSS 6.3
CVE-2026-2978 MEDIUM
FastApiAdmin <=2.2.0 - Unrestricted Upload
CVSS 6.3
CVE-2026-2977 MEDIUM
FastApiAdmin <2.2.0 - Unrestricted Upload
CVSS 6.3
CVE-2026-2976 MEDIUM
FastApiAdmin <2.2.0 - Info Disclosure
CVSS 4.3
CVE-2026-27146 MEDIUM
GetSimple CMS < 3.3.22 - Authenticated Arbitrary File Upload via CSRF
CVSS 4.5
CVE-2026-26746 HIGH
OpenSourcePOS 3.4.1 - Local File Inclusion and Remote Code Execution via Invoice Type Manipulation
CVSS 8.8
CVE-2026-26975 HIGH
Music Assistant Server < 2.7.0 - Unauthenticated Remote Code Execution via Playlist Update API
CVSS 8.8
CVE-2026-1405 CRITICAL
Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload via slider_future_handle_image_upload
CVSS 9.8
CVE-2026-2684 HIGH
Tsinghua Unigroup EA <=3.2.210802 - Unrestricted Upload
CVSS 7.3
CVE-2026-2666 MEDIUM
mingSoft MCMS 6.1.1 - Unrestricted Upload
CVSS 4.7
CVE-2026-2665 MEDIUM
huanzi-qch base-admin - Unrestricted Upload
CVSS 6.3
CVE-2026-2550 CRITICAL
EFM iptime A6004MX 14.18.2 - Unrestricted Upload
CVSS 9.8
CVE-2026-1306 CRITICAL
Midi-Synth <1.1.0 - Unauthenticated RCE
CVSS 9.8
CVE-2026-1358 CRITICAL
Airleader Master < 6.381 - Unauthenticated Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2026-1458 MEDIUM
GitLab 8.0-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Unauthenticated Denial of Service via Malicious File Upload
CVSS 6.5
CVE-2026-1357 CRITICAL
WPvivid Backup & Migration <0.9.123 - Unauthenticated RCE
CVSS 9.8
CVE-2026-2097 HIGH
Flowring Agentflow - Authenticated Web Shell Upload Code Execution
CVSS 8.8
CVE-2026-25923 CRITICAL
my little forum <20260208.1 - Code Injection
CVSS 9.1
CVE-2026-2226 MEDIUM
DouPHP < 1.9 - Unrestricted File Upload via ZIP File Handler
CVSS 4.7
CVE-2026-2213 MEDIUM
Online Music Site 1.0 - Unrestricted File Upload via AdminAddAlbum.php txtimage Argument
CVSS 4.7
CVE-2026-2183 MEDIUM
Great Developers Certificate Generation System <97171bb0e5e22e52eac...
CVSS 6.3