CWE-434: Unrestricted Upload of File with Dangerous Type — known CVE vulnerabilities
CVEs classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-48283 — CVSS 10.0 (critical): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could…
CVE-2026-48276 — CVSS 10.0 (critical): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could…
CVE-2026-57700 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF…
CVE-2025-69129 — CVSS 10.0 (critical): Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.
CVE-2026-40412 — CVSS 10.0 (critical): Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
CVE-2026-45444 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files…
CVE-2026-28289 — CVSS 10.0 (critical): FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in…
CVE-2026-24729: An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before…
CVE-2026-24897 — CVSS 10.0 (critical): Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload…
CVE-2026-24815: Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis (tis-plugin/src/main/java/c…
CVE-2025-69828 — CVSS 10.0 (critical): File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute…
CVE-2025-68001 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web…
CVE-2025-50002 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server.This…
CVE-2025-67288 — CVSS 10.0 (critical): An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file…
CVE-2025-6327 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web…
CVE-2025-60235 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce (Premium)…
CVE-2025-60207 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce…
CVE-2025-53283 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in borisolhor Drop Uploader for CF7 - Drag&Drop File Uploader Addon…
CVE-2025-64095 — CVSS 10.0 (critical): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default…
CVE-2025-58963 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This…
CVE-2025-49060 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Wastia wastia allows Upload a Web Shell to a Web…
CVE-2025-48106 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Clanora clanora allows Using Malicious Files.This issue…
CVE-2025-60219 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro wc-designer-pro allows Upload a Web…
CVE-2025-9846 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows…
CVE-2025-49387 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms…
CVE-2025-34163: Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type…
CVE-2025-48148 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce…
CVE-2012-10044: MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform…
CVE-2013-10066: An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint…
CVE-2012-10026: The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The…
CVE-2025-29009 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce…
CVE-2025-49414 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Using Malicious Files.This issue…
CVE-2025-30933 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web…
CVE-2025-49885 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce…
CVE-2025-34046: An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the…
CVE-2025-49447 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects…
CVE-2025-49444 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor reformer-elementor allows Upload a Web…
CVE-2025-49071 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen flozen-theme allows Upload a Web Shell to a Web…
CVE-2025-32510 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager ova-events-manager allows Using Malicious…
CVE-2025-32291 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Using Malicious…
CVE-2025-47687 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce…
CVE-2025-47642 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a…
CVE-2025-47641 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce…
CVE-2025-47637 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS staggs allows Upload a Web Shell to a Web Server.This issue…
CVE-2025-39401 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web…
CVE-2025-39380 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management allows Upload a…
CVE-2025-47577 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows…