CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2016

2016 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-20098 | Cisco Meeting Management Arbitrary File Upload Vulnerability — Cisco Meeting Management | 8.8 | High | 2026-02-04 |
| CVE-2026-23704 | Movable Type Code Issue Vulnerability — Movable Type (Software Edition) | 5.4 (AI) | Medium (AI) | 2026-02-04 |
| CVE-2026-1756 | WP FOFT Loader <= 2.1.39 - Authenticated (Author+) Arbitrary File Upload — WP FOFT Loader | 8.8 | High | 2026-02-04 |
| CVE-2026-1791 | Arbitrary File Upload Vulnerability in Operation and Maintenance Security Gateway — Operation and Maintenance Security Gateway | 2.7 | Low | 2026-02-04 |
| CVE-2026-1813 | bolo-blog bolo-solo FreeMarker Template PicUploadProcessor.java unrestricted upload — bolo-solo | 6.3 | Medium | 2026-02-03 |
| CVE-2020-37084 | School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability — School ERP Pro | 7.2 (AI) | High (AI) | 2026-02-03 |
| CVE-2020-37090 | School ERP Pro 1.0 - Remote Code Execution — School ERP Pro | 9.8 | Critical | 2026-02-03 |
| CVE-2020-37073 | Victor CMS 1.0 - Authenticated Arbitrary File Upload — CMSsite | 8.8 | High | 2026-02-03 |
| CVE-2026-25510 | CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor — ci4ms | 10.0 | Critical | 2026-02-03 |
| CVE-2026-24673 | Open eClass Has File Upload Filter Bypass via ZIP Archive Extraction — openeclass | 4.3 | Medium | 2026-02-03 |
| CVE-2020-37113 | GUnet OpenEclass 1.7.3 E-learning platform - File Upload Extension Bypass — GUnet OpenEclass | 8.8 | High | 2026-02-03 |
| CVE-2026-1730 | OS DataHub Maps <= 1.8.3 - Authenticated (Author+) Arbitrary File Upload — OS DataHub Maps | 8.8 | High | 2026-02-03 |
| CVE-2026-1065 | Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | 7.2 | High | 2026-02-03 |
| CVE-2026-25201 | SAMSUNG MagicINFO 9 Server Security Vulnerability — MagicINFO 9 Server | 8.8 | High | 2026-02-02 |
| CVE-2026-25200 | SAMSUNG MagicINFO 9 Server Security Vulnerability — MagicINFO 9 Server | 9.8 | Critical | 2026-02-02 |
| CVE-2026-1742 | EFM ipTIME A8004T VPN Service timepro.cgi commit_vpncli_file_upload unrestricted upload — ipTIME A8004T | 4.7 | Medium | 2026-02-02 |
| CVE-2020-37023 | Koken CMS 0.22.24 - Arbitrary File Upload — Koken CMS | 8.8 | High | 2026-01-30 |
| CVE-2026-24729 | Interinfo DreamMaker - Unrestricted Upload of File with Dangerous Type — DreamMaker | 9.8 (AI) | Critical (AI) | 2026-01-30 |
| CVE-2020-37009 | MedDream PACS Server 6.8.3.751 - Remote Code Execution — MedDream PACS Server | 8.8 | High | 2026-01-29 |
| CVE-2025-57795 | Unauthenticated Remote File Download in Explorance Blue — Blue | 8.8 (AI) | High (AI) | 2026-01-28 |
| CVE-2020-36973 | PDW File Browser 1.3 - Remote Code Execution — PDW File Browser | 6.5 | Medium | 2026-01-28 |
| CVE-2025-57794 | Unrestricted File Upload Vulnerability in Explorance Blue — Blue | 7.2 (AI) | High (AI) | 2026-01-28 |
| CVE-2026-1400 | AI Engine <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload via 'filename' Parameter in update_media_metadata Endpoint — AI Engine – The Chatbot, AI Framework & MCP for WordPress | 7.2 | High | 2026-01-28 |
| CVE-2020-36942 | Victor CMS 1.0 - File Upload To RCE — CMSsite | 8.8 | High | 2026-01-27 |
| CVE-2026-24815 | A XStream Security Vulnerability in XML Deserialization in datavane/tis — tis | 9.8 (AI) | Critical (AI) | 2026-01-27 |
| CVE-2026-1445 | iJason-Liu Books_Manager upload_bookCover.php unrestricted upload — Books_Manager | 4.7 | Medium | 2026-01-26 |
| CVE-2026-1424 | PHPGurukul News Portal Profile Pic unrestricted upload — News Portal | 4.7 | Medium | 2026-01-26 |
| CVE-2026-1423 | code-projects Online Examination System admin_pic.php unrestricted upload — Online Examination System | 6.3 | Medium | 2026-01-26 |
| CVE-2026-0911 | Hustle <= 7.8.9.2 - Authenticated (Subscriber+) Arbitrary File Upload via Module Import — Hustle – Email Marketing, Lead Generation, Optins, Popups | 7.5 | High | 2026-01-24 |
| CVE-2025-13374 | Kalrav AI Agent <= 2.3.3 - Unauthenticated Arbitrary File Upload via kalrav_upload_file AJAX Action — Kalrav AI Agent | 9.8 | Critical | 2026-01-24 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2016 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.