CWE-646: CWE-646

Total CVEs

Critical

High

7.3

Avg CVSS

Yearly Trend

2025

2024

2021

Top Affected Vendors

1 Zoom 1

2 Mmaitre314 1

3 W3eden 1

4 Wowza 1

5 Matrix Globalservices 1

All CWE-646 CVEs (5)

CVE-2025-1889

9.8

CVE-2025-1889 is a vulnerability in picklescan versions before 0.0.22 where the tool only checks standard pickle file extensions (.pkl, .pickle, .pckl...

Mar 3, 2025

CVE-2021-34639

7.5

This vulnerability allows authenticated WordPress users with Author+ permissions to upload files with double extensions (like 'payload.php.png') that ...

Aug 5, 2021

CVE-2024-52052

7.2

This vulnerability allows authenticated Wowza Streaming Engine Manager administrators to define malicious custom application properties that can poiso...

Nov 21, 2024

CVE-2025-30662

6.6

This vulnerability in Zoom Workplace VDI Plugin macOS Universal installer allows authenticated users to follow symbolic links during installation, pot...

Nov 13, 2025

CVE-2024-38432

5.5

Matrix Tafnit v8 is vulnerable to file extension manipulation attacks due to improper validation of externally-supplied file names. This allows attack...

Jul 30, 2024

About CWE-646 (CWE-646)

Our database tracks 5 CVEs classified as CWE-646, with 1 rated critical and 2 rated high severity. The average CVSS score for CWE-646 vulnerabilities is 7.3.

External reference: View CWE-646 on MITRE CWE →

Monitor CWE-646 Vulnerabilities

Get alerted when new CWE-646 CVEs affect your infrastructure.

Start Monitoring Free