CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2016

2016 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-47904 | PhreeBooks 5.2.3 - Remote Code Execution — PhreeBooks | 8.8 | High | 2026-01-23 |
| CVE-2021-47899 | YetiShare File Hosting Script 5.1.0 Remote File Upload SSRF Vulnerability — YetiShare File Hosting Script | 4.0 | Medium | 2026-01-23 |
| CVE-2021-47888 | Textpattern 4.8.3 - Remote code execution — Textpattern | 8.8 | High | 2026-01-23 |
| CVE-2025-69312 | WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Arbitrary File Upload vulnerability — Xpro Elementor Addons | 8.8 (AI) | High (AI) | 2026-01-22 |
| CVE-2025-68910 | WordPress Blogzee theme <= 1.0.5 - Arbitrary File Upload vulnerability — Blogzee | 8.8 (AI) | High (AI) | 2026-01-22 |
| CVE-2025-68986 | WordPress Miion theme <= 1.2.7 - Arbitrary File Upload vulnerability — Miion | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-68909 | WordPress Blogistic theme <= 1.0.5 - Arbitrary File Upload vulnerability — Blogistic | 8.8 (AI) | High (AI) | 2026-01-22 |
| CVE-2025-68001 | WordPress g-FFL Checkout plugin <= 2.1.0 - Arbitrary File Upload vulnerability — g-FFL Checkout | 10.0 | Critical | 2026-01-22 |
| CVE-2025-67968 | WordPress Real Homes CRM plugin <= 1.0.0 - Arbitrary File Upload vulnerability — Real Homes CRM | 8.8 (AI) | High (AI) | 2026-01-22 |
| CVE-2025-62056 | WordPress News Event theme <= 1.0.1 - Arbitrary File Upload vulnerability — News Event | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-62050 | WordPress Blogmatic theme <= 1.0.3 - Arbitrary File Upload vulnerability — Blogmatic | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-50002 | WordPress Energia theme <= 1.1.2 - Arbitrary File Upload vulnerability — Energia | 10.0 | Critical | 2026-01-22 |
| CVE-2025-10856 | Arbitrary File Upload in Solvera Software's Teknoera — Teknoera | 8.1 | High | 2026-01-22 |
| CVE-2026-1331 | AMASTAR Technology\|MeetingHub - Arbitrary File Upload — MeetingHub | 9.8 | Critical | 2026-01-22 |
| CVE-2026-24034 | Horilla has File Upload XSS — horilla | 5.4 | Medium | 2026-01-22 |
| CVE-2025-33015 | Multiple Vulnerabilities in IBM Concert Software — Concert | 8.8 | High | 2026-01-20 |
| CVE-2026-1222 | BROWAN COMMUNICATIONS \|PrismX MX100 AP controller - Arbitrary File Upload — PrismX MX100 AP controller | 7.2 | High | 2026-01-20 |
| CVE-2025-55251 | HCL AION is affected by an Unrestricted File Upload vulnerability — AION | 3.1 | Low | 2026-01-19 |
| CVE-2026-1152 | technical-laohu mpay QR Code Image unrestricted upload — mpay | 4.7 | Medium | 2026-01-19 |
| CVE-2026-1126 | lwj flow SVG File FormResource.java uploadFile unrestricted upload — flow | 6.3 | Medium | 2026-01-18 |
| CVE-2026-1107 | EyouCMS Member Avatar Diyajax.php check_userinfo unrestricted upload — EyouCMS | 6.3 | Medium | 2026-01-18 |
| CVE-2026-1061 | xiweicheng TMS FileController.java upload unrestricted upload — TMS | 6.3 | Medium | 2026-01-17 |
| CVE-2025-14632 | Filr – Secure document library <= 1.2.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via HTML Upload — Filr – Secure document library | 4.4 | Medium | 2026-01-17 |
| CVE-2012-10064 | Omni Secure Files < 0.1.14 Unauthenticated Arbitrary File Upload — Omni Secure Files | 9.8 | - | 2026-01-16 |
| CVE-2026-21625 | Extension - stackideas.com - Lack of mime type validation in EasyDiscuss component 1.0.0-5.0.15 for Joomla — EasyDiscuss extension for Joomla | 9.1 | - | 2026-01-16 |
| CVE-2025-12957 | All-in-One Video Gallery <= 4.5.7 - Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypass — All-in-One Video Gallery | 8.8 | High | 2026-01-16 |
| CVE-2026-1021 | Gotac\|Police Statistics Database System - Arbitrary File Upload — Police Statistics Database System | 9.8 | Critical | 2026-01-16 |
| CVE-2021-47788 | WebsiteBaker 2.13.0 - Remote Code Execution (RCE) (Authenticated) — WebsiteBaker | 8.8 | High | 2026-01-15 |
| CVE-2021-47783 | Phpwcms 1.9.30 - Arbitrary File Upload — Phpwcms | 5.4 | Medium | 2026-01-15 |
| CVE-2011-10041 | Uploadify <= 1.0 Unauthenticated Arbitrary File Upload — Uploadify | 9.8 (AI) | Critical (AI) | 2026-01-15 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2016 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.