CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2015

2015 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7044 | GreenCMS index.php themeadd unrestricted upload — GreenCMS | 6.3 | Medium | 2026-04-26 |
| CVE-2026-7043 | GreenCMS index.php pluginAddLocal unrestricted upload — GreenCMS | 6.3 | Medium | 2026-04-26 |
| CVE-2026-5364 | Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass — Drag and Drop File Upload for Contact Form 7 | 8.1 | High | 2026-04-24 |
| CVE-2026-41269 | Flowise: File Upload Validation Bypass in createAttachment — Flowise | 7.1 | High | 2026-04-23 |
| CVE-2026-6885 | BorG Technology Corporation\|Borg SPM 2007 - Arbitrary File Upload — Borg SPM 2007 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-3844 | Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote — Breeze Cache | 9.8 | Critical | 2026-04-23 |
| CVE-2025-36074 | Security vulnerability has been detected in IBM Security Verify Directory — Security Verify Directory (Container) | 5.5 | Medium | 2026-04-22 |
| CVE-2026-6835 | aEnrich\|a+HCM - Arbitrary File Upload — a+HCM | 6.1 | Medium | 2026-04-22 |
| CVE-2019-25714 | Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet — A8-V5 Collaborative Management Software | 9.8 (AI) | Critical (AI) | 2026-04-21 |
| CVE-2026-6249 | Vvveb CMS 1.0.8 Remote Code Execution via Media Upload — Vvveb CMS | 8.8 | High | 2026-04-20 |
| CVE-2026-6257 | Vvveb CMS v1.0.8 Remote Code Execution via Media Management — Vvveb CMS | 9.1 | Critical | 2026-04-20 |
| CVE-2026-40488 | OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution — magento-lts | 9.8 (AI) | Critical (AI) | 2026-04-20 |
| CVE-2026-6650 | Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload — Z-BlogPHP | 4.7 | Medium | 2026-04-20 |
| CVE-2026-6602 | rickxy Hospital Management System his_admin_account.php unrestricted upload — Hospital Management System | 7.3 | High | 2026-04-20 |
| CVE-2026-6596 | langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload — langflow | 7.3 | High | 2026-04-20 |
| CVE-2026-6561 | EyouCMS Index.php edit_adminlogo unrestricted upload — EyouCMS | 4.7 | Medium | 2026-04-19 |
| CVE-2026-6518 | CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution — CMP – Coming Soon & Maintenance Plugin by NiteoThemes | 8.8 | High | 2026-04-18 |
| CVE-2026-5718 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.6 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass — Drag and Drop Multiple File Upload for Contact Form 7 | 8.1 | High | 2026-04-17 |
| CVE-2026-6489 | QueryMine sms Background Management addteacher.php unrestricted upload — sms | 6.3 | Medium | 2026-04-17 |
| CVE-2026-1555 | WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload — WebStack | 9.8 | Critical | 2026-04-15 |
| CVE-2026-40040 | Pachno 1.0.6 Unrestricted File Upload Remote Code Execution — Pachno | 8.8 | High | 2026-04-13 |
| CVE-2026-30804 | Unrestricted File Upload in Extension Uploader leads to Remote Code Execution — Pandora FMS | 9.8 | - | 2026-04-13 |
| CVE-2018-25258 | RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass — RGui | 8.4 | High | 2026-04-12 |
| CVE-2026-33704 | Chamilo LMS Affected by Authenticated Arbitrary File Write via BigUpload endpoint — chamilo-lms | 7.1 | High | 2026-04-10 |
| CVE-2026-32931 | Chamilo LMS has Arbitrary File Upload via MIME-Only Validation in Exercise Sound Upload Leads to RCE — chamilo-lms | 7.5 | High | 2026-04-10 |
| CVE-2026-2942 | ProSolution WP Client <= 1.9.9 - Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess — ProSolution WP Client | 9.8 | Critical | 2026-04-08 |
| CVE-2026-4808 | Gerador de Certificados – DevApps <= 1.3.6 - Authenticated (Administrator+) Arbitrary File Upload — Gerador de Certificados – DevApps | 7.2 | High | 2026-04-08 |
| CVE-2026-3535 | DSGVO Google Web Fonts GDPR <= 1.1 - Unauthenticated Arbitrary File Upload via 'fonturl' Parameter — DSGVO Google Web Fonts GDPR | 9.8 | Critical | 2026-04-08 |
| CVE-2026-33273 | ICZ MATCHA INVOICE code issue vulnerability — MATCHA INVOICE | 8.8 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-0740 | Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload — Ninja Forms - File Uploads | 9.8 | Critical | 2026-04-07 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) account for 2015 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.