CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2015

2015 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2979 | FastApiAdmin Scheduled Task API controller.py user_avatar_upload_controller unrestricted upload — FastApiAdmin | 6.3 | Medium | 2026-02-23 |
| CVE-2026-2978 | FastApiAdmin Scheduled Task API controller.py upload_file_controller unrestricted upload — FastApiAdmin | 6.3 | Medium | 2026-02-23 |
| CVE-2026-2977 | FastApiAdmin Scheduled Task API controller.py upload_controller unrestricted upload — FastApiAdmin | 6.3 | Medium | 2026-02-23 |
| CVE-2018-25158 | Chamilo LMS 1.11.8 Arbitrary File Upload via elfinder — Chamilo LMS | 8.8 | High | 2026-02-20 |
| CVE-2025-69403 | WordPress Bravis Addons plugin <= 1.3.0 - Arbitrary File Upload vulnerability — Bravis Addons | 8.8 (AI) | High (AI) | 2026-02-20 |
| CVE-2025-68549 | WordPress Wiguard theme < 2.0.1 - Arbitrary File Upload vulnerability — Wiguard | 9.8 (AI) | Critical (AI) | 2026-02-20 |
| CVE-2026-1405 | Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload — Slider Future | 9.8 | Critical | 2026-02-19 |
| CVE-2025-12500 | Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.1 - Unauthenticated Limited File Upload — Checkout Field Manager (Checkout Manager) for WooCommerce | 5.3 | Medium | 2026-02-19 |
| CVE-2026-2684 | Tsinghua Unigroup Electronic Archives System uploadFile.html unrestricted upload — Electronic Archives System | 7.3 | High | 2026-02-18 |
| CVE-2026-2666 | mingSoft MCMS Template Archive uploadTemplate.do unrestricted upload — MCMS | 4.7 | Medium | 2026-02-18 |
| CVE-2026-2665 | huanzi-qch base-admin JSP Parser SysFileController.java upload unrestricted upload — base-admin | 6.3 | Medium | 2026-02-18 |
| CVE-2025-13689 | DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment — DataStage on Cloud Pak | 8.8 | High | 2026-02-17 |
| CVE-2025-36183 | Privileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.data — watsonx.data | 3.8 | Low | 2026-02-17 |
| CVE-2026-2550 | EFM iptime A6004MX timepro.cgi commit_vpncli_file_upload unrestricted upload — iptime A6004MX | 9.8 | Critical | 2026-02-16 |
| CVE-2026-1306 | midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload via 'export' AJAX Action — midi-Synth | 9.8 | Critical | 2026-02-14 |
| CVE-2026-1358 | Airleader Master Unrestricted Upload of File with Dangerous Type — Airleader Master | 9.8 | Critical | 2026-02-12 |
| CVE-2025-14014 | Insecure File Upload in NTN Informatics' Smart Panel — Smart Panel | 9.8 | Critical | 2026-02-12 |
| CVE-2026-1357 | Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload — WPvivid — Backup, Migration & Staging | 9.8 | Critical | 2026-02-11 |
| CVE-2026-2097 | Flowring\|Agentflow - Arbitrary File Upload — Agentflow | 8.8 | High | 2026-02-10 |
| CVE-2026-25923 | Phar Deserialization leading to Arbitrary File Deletion in my little forum — mylittleforum | 9.8 (AI) | Critical (AI) | 2026-02-09 |
| CVE-2025-10465 | Unrestricted File Upload in Birtech Information Technologies' Sensaway — Sensaway | 8.8 | High | 2026-02-09 |
| CVE-2026-2226 | DouPHP ZIP File file.php unrestricted upload — DouPHP | 4.7 | Medium | 2026-02-09 |
| CVE-2026-2213 | code-projects Online Music Site AdminAddAlbum.php unrestricted upload — Online Music Site | 4.7 | Medium | 2026-02-09 |
| CVE-2026-2183 | Great Developers Certificate Generation System csv.php unrestricted upload — Certificate Generation System | 6.3 | Medium | 2026-02-08 |
| CVE-2026-2164 | detronetdip E-commerce addadhar.php unrestricted upload — E-commerce | 7.3 | High | 2026-02-08 |
| CVE-2026-2146 | guchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar unrestricted upload — yshopmall | 6.3 | Medium | 2026-02-08 |
| CVE-2026-2133 | code-projects Online Music Site AdminUpdateCategory.php unrestricted upload — Online Music Site | 7.3 | High | 2026-02-08 |
| CVE-2020-37117 | jizhiCMS 1.6.7 - Arbitrary File Download — jizhiCMS | 8.8 | High | 2026-02-05 |
| CVE-2026-25056 | n8n Arbitrary File Write leading to RCE in n8n Merge Node — n8n | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-20098 | Cisco Meeting Management Arbitrary File Upload Vulnerability — Cisco Meeting Management | 8.8 | High | 2026-02-04 |

2015 CVEs are classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.