8 vulnerabilities classified as CWE-646 (依赖于外部提供文件的文件名或扩展名). AI Chinese analysis included.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-30662 | Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following — Zoom Workplace VDI Plugin macOS Universal installer | 6.6 | Medium | 2025-11-13 |
| CVE-2025-41720 | Sauter: Arbitrary File Upload — modulo 6 devices modu680-AS | 4.3 | Medium | 2025-10-22 |
| CVE-2025-58449 | Maho Vulnerable to Authenticated Remote Code Execution via File Upload — maho | 7.2AI | HighAI | 2025-09-08 |
| CVE-2025-1889 | picklescan - Security scanning bypass via non-standard file extensions — picklescan | 7.5 | - | 2025-03-03 |
| CVE-2024-52052 | Stream Target Remote Code Execution in Wowza Streaming Engine — Streaming Engine | 7.2AI | HighAI | 2024-11-21 |
| CVE-2024-38432 | Matrix – Tafnit v8 CWE-646: Reliance on File Name or Extension of Externally-Supplied File — Tafnit v8 | 5.5 | Medium | 2024-07-30 |
| CVE-2023-45599 | AiLux imx6 安全漏洞 — imx6 bundle | 5.5 | Medium | 2024-03-05 |
| CVE-2021-34639 | WordPress Download Manager <= 3.1.24 Authenticated Arbitrary File Upload — WordPress Download Manager | 7.5 | High | 2021-08-05 |
Vulnerabilities classified as CWE-646 (依赖于外部提供文件的文件名或扩展名) represent 8 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.