CWE-434 · Unrestricted Upload of File with Dangerous Type
4139 CVEs classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-48283 | Critical | 10.0 | 2026-06-30 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary… |
CVE-2026-48276 | Critical | 10.0 | 2026-06-30 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary… |
CVE-2026-57700 | Critical | 10.0 | 2026-06-25 | Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through… |
CVE-2025-69129 | Critical | 10.0 | 2026-06-17 | Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions. |
CVE-2026-40772 | Critical | 10.0 | 2026-06-15 | Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions. |
CVE-2026-40412 | Critical | 10.0 | 2026-05-22 | Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. |
CVE-2026-45444 | Critical | 10.0 | 2026-05-20 | Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gif… |
CVE-2026-28289 | Critical | 10.0 | 2026-03-03 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and ear… |
CVE-2026-24897 | Critical | 10.0 | 2026-01-28 | Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any sp… |
CVE-2025-69828 | Critical | 10.0 | 2026-01-22 | File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo… |
CVE-2025-68001 | Critical | 10.0 | 2026-01-22 | Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue af… |
CVE-2025-50002 | Critical | 10.0 | 2026-01-22 | Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server.This issue affects Energia: f… |
CVE-2025-52691 | Critical | 10.0 | 2025-12-29 | Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially… |
CVE-2025-67288 | Critical | 10.0 | 2025-12-22 | An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is dispute… |
CVE-2025-6327 | Critical | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web Shell to a Web Server… |
CVE-2025-60235 | Critical | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce (Premium) support-ticket-system-for-woocommerce… |
CVE-2025-60207 | Critical | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerc… |
CVE-2025-53283 | Critical | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in borisolhor Drop Uploader for CF7 - Drag&Drop File Uploader Addon drop-uploader-for-contact-for… |
CVE-2025-64095 | Critical | 10.0 | 2025-10-28 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider… |
CVE-2025-58963 | Critical | 10.0 | 2025-10-22 | Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects Medcity: f… |