Cwe-434 - Unrestricted Upload Of File With Dangerous Type is a cwe tracked across 16 threat clusters and 20 intelligence report mentions on ThreatCluster. First observed April 19, 2026; most recent activity July 11, 2026.
A critical vulnerability in the Joomla Content Editor (JCE), tracked as CVE-2026-48907, allows unauthenticated attackers to execute remote code on affected Joomla sites. This flaw affects JCE versions below 2.9.99.6 and…
A critical vulnerability, CVE-2026-58480, has been identified in the Blocksy Companion Pro plugin for WordPress versions prior to 2.1.47. This unauthenticated arbitrary file upload vulnerability allows attackers to…
Forescout Technologies has identified 22 new vulnerabilities in serial-to-IP converters from Lantronix and Silex, which are widely used in critical sectors like healthcare and utilities. These vulnerabilities,…
On April 24, 2026, CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog. The affected products include SimpleHelp remote management software, Samsung MagicINFO 9 Server, and…
The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload, allowing Remote Code Execution in all versions up to 5.1.8. This vulnerability arises from insufficient file extension validation in the…
A critical vulnerability (CVE-2018-25332) has been identified in GitBucket version 4.23.1, allowing unauthenticated remote code execution. Attackers can exploit weak secret token generation and insecure file upload…
A remote code execution vulnerability, identified as CVE-2026-6257, has been discovered in Vvveb CMS version 1.0.8. The flaw resides in the media management functionality, where a missing return statement in the file…
A severe unauthenticated file upload vulnerability was discovered in RSFiles! up to version 1.17.11, allowing attackers to upload malicious files, including .php scripts, to the public downloads directory. This flaw…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of three vulnerabilities in Cisco's Catalyst SD-WAN Manager, specifically CVE-2026-20122,…
The CMP – Coming Soon & Maintenance Plugin by NiteoThemes for WordPress has a critical vulnerability (CVE-2026-6518) affecting all versions up to 4.1.16. This vulnerability allows authenticated users with Administrator…