Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-434 Clear
ID Title
CVE-2026-39598 Unrestricted File Upload in CVE-2026-39598 (CVE-2026-39598)
vulnerability in CVE-2026-39598 (CVE-2026-39598). Successful exploitation can lead to full system takeover.
CVE-2026-25446 Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
CVE-2026-27041 Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
CVE-2026-22327 Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.
Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.
CVE-2025-69129 Unrestricted File Upload in wordpress (CVE-2025-69129)
vulnerability in wordpress (CVE-2025-69129). Successful exploitation can lead to full system takeover.
CVE-2025-60218 Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.
Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.
CVE-2024-52488 Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.
Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.
CVE-2025-59872 Vulnerability in hcltech (CVE-2025-59872)
vulnerability in hcltech (CVE-2025-59872). Risk of unauthorized operations or information disclosure.
CVE-2026-40750 Unrestricted File Upload in CVE-2026-40750 (CVE-2026-40750)
vulnerability in CVE-2026-40750 (CVE-2026-40750). Successful exploitation can lead to full system takeover.
CVE-2026-6933 Unrestricted File Upload in wordpress (CVE-2026-6933)
vulnerability in wordpress (CVE-2026-6933). Successful exploitation can lead to full system takeover.
CVE-2026-40772 Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.
Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.
CVE-2026-39527 Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.
Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.
CVE-2026-39591 Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
CVE-2026-50873 Unrestricted File Upload in CVE-2026-50873 (CVE-2026-50873)
vulnerability in CVE-2026-50873 (CVE-2026-50873). Successful exploitation can lead to full system takeover.
CVE-2018-25436 Unrestricted File Upload in wordpress (CVE-2018-25436)
vulnerability in wordpress (CVE-2018-25436). Successful exploitation can lead to full system takeover.
CVE-2026-5482 Unrestricted File Upload in CVE-2026-5482 (CVE-2026-5482)
vulnerability in CVE-2026-5482 (CVE-2026-5482). Risk of unauthorized operations or information disclosure.
CVE-2026-34027 Unrestricted File Upload in CVE-2026-34027 (CVE-2026-34027)
vulnerability in CVE-2026-34027 (CVE-2026-34027). Risk of unauthorized operations or information disclosure.
CVE-2026-53724 Cross-Site Scripting (XSS) in parse-server (CVE-2026-53724)
cross-site scripting in parse-server (CVE-2026-53724). Risk of unauthorized operations or information disclosure. Exploitable via ``poc.svg.``. Mitigation: upgrade to `8.6.79` or later.
CVE-2026-53787 Unrestricted File Upload in path-traversal (CVE-2026-53787)
vulnerability in path-traversal (CVE-2026-53787). Successful exploitation can lead to full system takeover.
CVE-2026-6211 Unrestricted File Upload in CVE-2026-6211 (CVE-2026-6211)
vulnerability in CVE-2026-6211 (CVE-2026-6211). Confidential information can be exposed externally.
CVE-2026-46489 SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG f...
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into every...
CVE-2026-11839 Unrestricted File Upload in CVE-2026-11839 (CVE-2026-11839)
vulnerability in CVE-2026-11839 (CVE-2026-11839). Successful exploitation can lead to full system takeover.
CVE-2026-7852 Unrestricted File Upload in CVE-2026-7852 (CVE-2026-7852)
vulnerability in CVE-2026-7852 (CVE-2026-7852). Successful exploitation can lead to full system takeover.
CVE-2026-9067 Unrestricted File Upload in wordpress (CVE-2026-9067)
vulnerability in wordpress (CVE-2026-9067). Confidential information can be exposed externally.
CVE-2026-36722 Unrestricted File Upload in CVE-2026-36722 (CVE-2026-36722)
vulnerability in CVE-2026-36722 (CVE-2026-36722). Risk of unauthorized operations or information disclosure.
CVE-2025-40808 Unrestricted File Upload in dos (CVE-2025-40808)
vulnerability in dos (CVE-2025-40808). Data can be tampered with by attackers.
CVE-2026-33582 Unrestricted File Upload in apache (CVE-2026-33582)
vulnerability in apache (CVE-2026-33582). Risk of unauthorized operations or information disclosure.
CVE-2026-34031 Unrestricted File Upload in apache (CVE-2026-34031)
vulnerability in apache (CVE-2026-34031). Risk of unauthorized operations or information disclosure.
CVE-2026-11621 Vulnerability in CVE-2026-11621 (CVE-2026-11621)
vulnerability in CVE-2026-11621 (CVE-2026-11621). Risk of unauthorized operations or information disclosure.
CVE-2024-58349 Unrestricted File Upload in wordpress (CVE-2024-58349)
vulnerability in wordpress (CVE-2024-58349). Successful exploitation can lead to full system takeover.
CVE-2024-58348 Unrestricted File Upload in wordpress (CVE-2024-58348)
vulnerability in wordpress (CVE-2024-58348). Successful exploitation can lead to full system takeover.
CVE-2026-11474 Vulnerability in CVE-2026-11474 (CVE-2026-11474)
vulnerability in CVE-2026-11474 (CVE-2026-11474). Risk of unauthorized operations or information disclosure.
CVE-2026-7537 Unrestricted File Upload in wordpress (CVE-2026-7537)
vulnerability in wordpress (CVE-2026-7537). Successful exploitation can lead to full system takeover.
CVE-2026-46400 Unrestricted File Upload in CVE-2026-46400 (CVE-2026-46400)
vulnerability in CVE-2026-46400 (CVE-2026-46400). Risk of unauthorized operations or information disclosure.
CVE-2026-11419 Path Traversal in path-traversal (CVE-2026-11419)
path traversal in path-traversal (CVE-2026-11419). Successful exploitation can lead to full system takeover.
CVE-2026-5411 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-46392 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
CVE-2026-11344 Vulnerability in CVE-2026-11344 (CVE-2026-11344)
vulnerability in CVE-2026-11344 (CVE-2026-11344). Risk of unauthorized operations or information disclosure.
CVE-2026-11333 Vulnerability in CVE-2026-11333 (CVE-2026-11333)
vulnerability in CVE-2026-11333 (CVE-2026-11333). Risk of unauthorized operations or information disclosure.
CVE-2026-42538 Unrestricted File Upload in CVE-2026-42538 (CVE-2026-42538)
vulnerability in CVE-2026-42538 (CVE-2026-42538). Confidential information can be exposed externally.
CVE-2026-10806 Vulnerability in CVE-2026-10806 (CVE-2026-10806)
vulnerability in CVE-2026-10806 (CVE-2026-10806). Risk of unauthorized operations or information disclosure.
CVE-2026-10807 Vulnerability in CVE-2026-10807 (CVE-2026-10807)
vulnerability in CVE-2026-10807 (CVE-2026-10807). Risk of unauthorized operations or information disclosure.
CVE-2026-40548 Unrestricted File Upload in path-traversal (CVE-2026-40548)
vulnerability in path-traversal (CVE-2026-40548). Risk of unauthorized operations or information disclosure.
CVE-2026-10205 Vulnerability in CVE-2026-10205 (CVE-2026-10205)
vulnerability in CVE-2026-10205 (CVE-2026-10205). Risk of unauthorized operations or information disclosure.
CVE-2026-10172 Vulnerability in CVE-2026-10172 (CVE-2026-10172)
vulnerability in CVE-2026-10172 (CVE-2026-10172). Risk of unauthorized operations or information disclosure.
CVE-2018-25409 Unrestricted File Upload in CVE-2018-25409 (CVE-2018-25409)
vulnerability in CVE-2018-25409 (CVE-2018-25409). Successful exploitation can lead to full system takeover.
CVE-2018-25388 Unrestricted File Upload in CVE-2018-25388 (CVE-2018-25388)
vulnerability in CVE-2018-25388 (CVE-2018-25388). Successful exploitation can lead to full system takeover.
CVE-2026-39292 Unrestricted File Upload in CVE-2026-39292 (CVE-2026-39292)
vulnerability in CVE-2026-39292 (CVE-2026-39292). Risk of unauthorized operations or information disclosure.
CVE-2026-10072 Unrestricted File Upload in CVE-2026-10072 (CVE-2026-10072)
vulnerability in CVE-2026-10072 (CVE-2026-10072). Successful exploitation can lead to full system takeover.
CVE-2026-10071 Unrestricted File Upload in CVE-2026-10071 (CVE-2026-10071)
vulnerability in CVE-2026-10071 (CVE-2026-10071). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →