CWE-434 · Unrestricted Upload of File with Dangerous Type

4139 CVEs classified under CWE-434 (Unrestricted Upload of File with Dangerous Type).

Top CVEs for CWE-434
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-48283 | Critical | 10.0 | 2026-06-30 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary… |
| CVE-2026-48276 | Critical | 10.0 | 2026-06-30 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary… |
| CVE-2026-57700 | Critical | 10.0 | 2026-06-25 | Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through… |
| CVE-2025-69129 | Critical | 10.0 | 2026-06-17 | Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions. |
| CVE-2026-40772 | Critical | 10.0 | 2026-06-15 | Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions. |
| CVE-2026-40412 | Critical | 10.0 | 2026-05-22 | Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. |
| CVE-2026-45444 | Critical | 10.0 | 2026-05-20 | Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gif… |
| CVE-2026-28289 | Critical | 10.0 | 2026-03-03 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and ear… |
| CVE-2026-24897 | Critical | 10.0 | 2026-01-28 | Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any sp… |
| CVE-2025-69828 | Critical | 10.0 | 2026-01-22 | File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo… |
| CVE-2025-68001 | Critical | 10.0 | 2026-01-22 | Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server. This issue af… |
| CVE-2025-50002 | Critical | 10.0 | 2026-01-22 | Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server. This issue affects Energia: f… |
| CVE-2025-52691 | Critical | 10.0 | 2025-12-29 | Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially… |
| CVE-2025-67288 | Critical | 10.0 | 2025-12-22 | An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is dispute… |
| CVE-2025-6327 | Critical | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web Shell to a Web Server… |
| CVE-2025-60235 | Critical | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce (Premium) support-ticket-system-for-woocommerce… |
| CVE-2025-60207 | Critical | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerc… |
| CVE-2025-53283 | Critical | 10.0 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in borisolhor Drop Uploader for CF7 - Drag&Drop File Uploader Addon drop-uploader-for-contact-for… |
| CVE-2025-64095 | Critical | 10.0 | 2025-10-28 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider… |
| CVE-2025-58963 | Critical | 10.0 | 2025-10-22 | Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server. This issue affects Medcity: f… |