CWE-434— Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.— MITRE CWE catalog
4,083 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-434page 80 of 82
- CVE-2026-39598HIGHCVSS 8.0EG 8.02026-06-17
Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2.
- CVE-2026-40040HIGHCVSS 8.8EG 8.82026-04-13
Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering to the /uploadfile endpoint. Attackers can upload executable files …
- CVE-2026-40262HIGHCVSS 8.7EG 8.72026-04-17
Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which does not identify text-based formats such…
- CVE-2026-40412CRITICALCVSS 10.0EG 10.02026-05-26
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
- CVE-2026-40484CRITICALCVSS 9.1EG 9.12026-04-18
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document roo…
- CVE-2026-40487HIGHCVSS 8.9EG 8.92026-04-18
Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to the server by spoofing the `Content-Type`…
- CVE-2026-40488HIGHCVSS 8.8EG 8.82026-04-20
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the product cust…
- CVE-2026-40548MEDIUMCVSS 6.4EG 6.42026-06-01
SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on …
- CVE-2026-40746CRITICALCVSS 9.9EG 9.92026-06-17
Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
- CVE-2026-40747CRITICALCVSS 9.9EG 9.92026-06-17
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
- CVE-2026-40748CRITICALCVSS 9.9EG 9.92026-06-17
Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
- CVE-2026-40749CRITICALCVSS 9.9EG 9.92026-06-17
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
- CVE-2026-40750CRITICALCVSS 9.9EG 9.92026-06-16
Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9.
- CVE-2026-40772CRITICALCVSS 10.0EG 10.02026-06-15
Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.
- CVE-2026-41269HIGHCVSS 7.1EG 7.12026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker u…
- CVE-2026-41517NONECVSS 0.0EG 0.02026-05-08
Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor install…
- CVE-2026-41587HIGHCVSS 8.6EG 8.62026-05-07
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated…
- CVE-2026-41937HIGHCVSS 7.2EG 7.22026-05-14
Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containin…
- CVE-2026-41938HIGHCVSS 8.8EG 8.82026-05-06
Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map…
- CVE-2026-42145LOWCVSS 3.1EG 3.12026-07-07
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint (app/Http/Controllers/UploadController.php) for database backup restore uploads did not e…
- CVE-2026-42538MEDIUMCVSS 6.3EG 6.32026-06-04
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing …
- CVE-2026-42748CRITICALCVSS 9.9EG 9.92026-05-27
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.1.
- CVE-2026-42844HIGHCVSS 8.8EG 8.82026-05-12
Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created …
- CVE-2026-42879MEDIUMCVSS 6.3EG 6.32026-05-27
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid creden…
- CVE-2026-43752MEDIUMCVSS 4.9EG 4.92026-07-09
An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMa…
- CVE-2026-44088HIGHCVSS 8.6EG 8.62026-05-15
SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file), but loads classes using class JarFile/URLClassLoader (reading the Central Directory from the end). It can lea…
- CVE-2026-44566HIGHCVSS 7.3EG 7.32026-05-15
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when attaching files to a promp, the name of the file is derived from the original HTTP upload request and is not validate…
- CVE-2026-45053CRITICALCVSS 9.1EG 9.12026-05-13
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint (POST /api/v1/files) of CubeCart. The endpoint allows any holder of an API key wi…
- CVE-2026-45089HIGHCVSS 8.2EG 8.22026-05-27
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directl…
- CVE-2026-45315HIGHCVSS 8.7EG 8.72026-05-15
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CA…
- CVE-2026-45444CRITICALCVSS 10.0EG 10.02026-05-20
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.
- CVE-2026-46392HIGHCVSS 8.7EG 8.72026-06-05
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htacces…
- CVE-2026-46400HIGHCVSS 8.7EG 8.72026-06-05
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking …
- CVE-2026-46426HIGHCVSS 7.6EG 7.62026-05-19
Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are condit…
- CVE-2026-46489HIGHCVSS 8.1EG 8.12026-06-11
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. Thi…
- CVE-2026-4808HIGHCVSS 7.2EG 7.22026-04-08
The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUploadedFile() function in all versions up to, and including, 1.3.6. This makes it possible…
- CVE-2026-4809CRITICALCVSS 9.8EG 9.82026-03-26
plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling. In that configuration, a remote attack…
- CVE-2026-48276CRITICALCVSS 10.0EG 10.02026-06-30
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue d…
- CVE-2026-48283CRITICALCVSS 10.0EG 10.02026-06-30
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue d…
- CVE-2026-48356CRITICALCVSS 9.6EG 9.62026-07-14
Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicio…
- CVE-2026-4882CRITICALCVSS 9.8EG 9.82026-05-02
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to, and including, 1.6.20. This makes it p…
- CVE-2026-4883CRITICALCVSS 9.8EG 9.82026-05-19
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete …
- CVE-2026-4885CRITICALCVSS 9.8EG 9.82026-05-19
The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, and including, 7.1.70. The plugin uses an …
- CVE-2026-48908CRITICALCVSS 10.0EG 9.8⚠ KEV2026-06-20
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
- CVE-2026-48939CRITICALCVSS 10.0EG 10.0⚠ KEV2026-06-20
A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
- CVE-2026-48945MEDIUMCVSS 5.3EG 5.32026-06-25
The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/<id>/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names — non-image files (including `.php`) are extracted as-is and …
- CVE-2026-48946MEDIUMCVSS 6.3EG 6.32026-06-25
The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache's standard mod_php matches `\.php$` and executes them under the K2 web user. A K2 Author can upload a `shell.php`, then fetch `/media/k2/att…
- CVE-2026-49972HIGHCVSS 8.8EG 8.82026-07-13
Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading a file with an embedded PHP extension disguised within a double extension such as shell.…
- CVE-2026-50006CRITICALCVSS 9.1EG 9.12026-07-14
Anyquery: Arbitrary File Write (AFW) which could lead to Remote Code Execution (RCE) via Unrestricted ATTACH DATABASE in Server Mode ## Summary Anyquery's `server` mode does not disable or restrict native SQLite disk manipulation commands…
- CVE-2026-50873CRITICALCVSS 9.8EG 9.82026-06-15
An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file.
Map vulnerabilities like CWE-434 to your infrastructure
EchelonGraph correlates every CVE — across CWE-434 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →