CWE-646

Total CVEs
6
Vulnerabilities
Avg CVSS v3
9.0
Critical
Avg CVSS v2
6.5
Medium
Latest CVE
2025
Most Recent

Severity Distribution

Critical 3
50%
High 2
33.3%
Medium 1
16.7%
Low 0
0%

External References

MITRE CWE
Official CWE definition
NIST NVD
Search CVEs by CWE

All CVEs (6)

Page 1 of 1

CVE-2025-1889

MEDIUM
CVSS:9.8(Critical)

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pick...

CWE-6462025

CVE-2024-8517

CRITICAL
CVSS:9.8(Critical)

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart f...

CWE-6462024

CVE-2024-38432

CRITICAL
CVSS:9.8(Critical)

Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File

CWE-6462024

CVE-2023-45599

HIGH
CVSS:8.8(High)

A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arb...

CWE-6462023

CVE-2021-34639

HIGH
CVSS:8.8(High)

Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some confi...

CWE-6462021

CVE-2024-52052

CRITICAL
CVSS:7.2(High)

Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code exe...

CWE-6462024