
CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2015

2015 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-3797 | Tiandy Video Surveillance System 视频监控平台 CLS_REST_File.java uploadFile unrestricted upload — Video Surveillance System 视频监控平台 | 6.3 | Medium | 2026-03-09 |
| CVE-2026-3749 | Bytedesk SVG File UploadRestService.java handleFileUpload unrestricted upload — Bytedesk | 6.3 | Medium | 2026-03-08 |
| CVE-2026-3748 | Bytedesk SVG File UploadRestController.java uploadFile unrestricted upload — Bytedesk | 6.3 | Medium | 2026-03-08 |
| CVE-2026-29186 | @backstage/plugin-techdocs-node: TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution — backstage | 7.7 | High | 2026-03-07 |
| CVE-2026-30821 | Flowise: Arbitrary File Upload via MIME Spoofing — Flowise | 9.8 | - | 2026-03-07 |
| CVE-2018-25171 | EdTv 2 SQL Injection via id Parameter — EdTv | 8.2 | High | 2026-03-06 |
| CVE-2018-25168 | Precurio Intranet Portal 2.0 Cross-Site Request Forgery Add Admin — Precurio Intranet Portal | 4.3 | Medium | 2026-03-06 |
| CVE-2018-25162 | 2-Plan Team 1.0.4 Arbitrary File Upload via managefile.php — Plan Team | 6.5 | Medium | 2026-03-06 |
| CVE-2026-27605 | Chartbrew: Stored Cross-Site Scripting (XSS) via File Upload API — chartbrew | 6.3 | Medium | 2026-03-06 |
| CVE-2026-29041 | Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload — chamilo-lms | 8.8 | High | 2026-03-06 |
| CVE-2026-28502 | WWBN AVideo: Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction — AVideo | 7.2 | - | 2026-03-06 |
| CVE-2026-21536 | Microsoft Devices Pricing Program Remote Code Execution Vulnerability — Microsoft Devices Pricing Program | 9.8 | Critical | 2026-03-05 |
| CVE-2026-3459 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.5 - Unauthenticated Arbitrary File Upload — Drag and Drop Multiple File Upload for Contact Form 7 | 8.1 | High | 2026-03-05 |
| CVE-2026-21628 | Extension - astroidframe.work - Unauthenticated Remote Code Execution in Astroid Framework 2.0.0 - 3.3.10 for Joomla — Astroid Template Framework | 9.8 | - | 2026-03-05 |
| CVE-2026-28133 | WordPress Filr plugin <= 1.2.14 - Arbitrary File Upload vulnerability — Filr | 8.1 | - | 2026-03-05 |
| CVE-2026-28114 | WordPress WooCommerce License Manager plugin <= 7.0.6 - Arbitrary File Upload vulnerability — WooCommerce License Manager | 9.8 | - | 2026-03-05 |
| CVE-2026-24960 | WordPress Charety theme < 2.0.2 - Arbitrary File Upload vulnerability — Charety | 8.8 | - | 2026-03-05 |
| CVE-2026-23802 | WordPress AI Engine plugin <= 3.3.2 - Arbitrary File Upload vulnerability — AI Engine | 8.3 | - | 2026-03-05 |
| CVE-2025-68554 | WordPress Keenarch theme < 2.0.1 - Arbitrary File Upload vulnerability — Keenarch | 8.3 | - | 2026-03-05 |
| CVE-2025-68555 | WordPress Nutrie theme < 2.0.1 - Arbitrary File Upload vulnerability — Nutrie | 9.8 | - | 2026-03-05 |
| CVE-2025-68553 | WordPress Lendiz theme < 2.0.1 - Arbitrary File Upload vulnerability — Lendiz | 9.8 | - | 2026-03-05 |
| CVE-2026-28289 | FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution — freescout | 10.0 | Critical | 2026-03-03 |
| CVE-2026-2269 | Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload — Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin | 7.2 | High | 2026-03-03 |
| CVE-2025-14532 | Remote Code Execution via Unrestricted File Upload in DobryCMS — DobryCMS | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2026-28270 | Kiteworks Core has an Unrestricted Upload of File with Dangerous Type — security-advisories | 4.9 | Medium | 2026-02-27 |
| CVE-2026-1565 | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Authenticated (Author+) Arbitrary File Upload — User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration | 8.8 | High | 2026-02-26 |
| CVE-2026-3187 | feiyuchuixue sz-boot-parent API Endpoint upload unrestricted upload — sz-boot-parent | 6.3 | Medium | 2026-02-25 |
| CVE-2026-27636 | FreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution on Apache — freescout | 8.8 | High | 2026-02-25 |
| CVE-2026-22766 | Dell Wyse Management Suite WMS code issue vulnerability — Wyse Management Suite | 7.2 | High | 2026-02-24 |
| CVE-2026-3025 | ShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted upload — Smart Heating Integrated Management Platform | 7.3 | High | 2026-02-23 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2015 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.