So I was in need of a quick solution for this as requested by my employer, at first I thought I had found an easy fix here:
https://moodle.org/mod/forum/discuss.php?d=255199#p1110790
But there is a problem with it, moodle will take "accepted_types" extensions, read their mime types and try to guess the uploaded file mime type and filter based on mime types. Files like .vbs or .bat are read as text/plain, so they were being accepted because I need to accept .txt files.
I'm a newbie to moodle and moodle code but I think I coded a solution. Keep in mind this might not work for you or it might break other uploads on your site. Also I'm not sure if it includes all the upload points moodle has(let me know if you know). I tested it on moodle 3.7.2. Read and understand the code and use at your own discretion.
First I added the contents of the attached post1.txt on my theme renderers.php file with the extensions I wanted to allow (as per the mentioned forum post).
Then to filter by extensions I renamed the function process_upload on the class repository_upload in repository/upload/lib.php to process_upload_original and added the process_upload function on the attached post2.txt
Note that: The attached process_upload function will only reject files if there is a $types parameter and it doesn't include '*'. If your needs are different you might need to adjust the code.