CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,011 vulnerabilities with CWE-434
CVE-2025-59524 MEDIUM
Horilla < 1.4.0 - XSS
CVSS 6.1
CVE-2025-9846 CRITICAL
TalentSys Consulting Information Technology Industry Inc. Inka.Net ...
CVSS 10.0
CVE-2025-10412 CRITICAL
WooCommerce Uni CPO <4.9.54 - RCE
CVSS 9.8
CVE-2025-10147 CRITICAL
Podlove Podcast Publisher <4.2.6 - File Upload
CVSS 9.8
CVE-2025-10009 HIGH
Invoice Ninja <= 5.11.72 - Code Injection
CVE-2025-10763 MEDIUM
Academico-sis <d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab - Unrestric...
CVSS 6.3
CVE-2025-10755 MEDIUM
Selleo Mentingo 2025.08.27 - Unrestricted Upload
CVSS 6.3
CVE-2025-10741 MEDIUM
Selleo Mentingo <2025.08.27 - Unrestricted Upload
CVSS 6.3
CVE-2025-34195 CRITICAL
Vasion Virtual Appliance Application - Unrestricted File Upload
CVSS 9.8
CVE-2025-10647 HIGH
Embed PDF for WPForms <1.1.6 - RCE
CVSS 8.8
CVE-2025-55912 HIGH
ClipBucket <5.5.0 - Unauthenticated File Upload
CVSS 7.3
CVE-2025-10669 MEDIUM
Airsonic-Advanced <10.6.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-40678 MEDIUM
Summar Software's Portal del Empleado - Unrestricted Upload
CVE-2025-10616 MEDIUM
Angeljudesuarez E-commerce Website - Improper Access Control
CVSS 6.3
CVE-2025-10615 MEDIUM
Angeljudesuarez E-commerce Website - Improper Access Control
CVSS 6.3
CVE-2025-10600 HIGH
Janobe Online Exam Form Submission - Improper Access Control
CVSS 7.3
CVE-2025-9216 HIGH
StoreEngine <1.5.0 - File Upload
CVSS 8.8
CVE-2025-56263 HIGH
By-night Sms - Unrestricted File Upload
CVSS 8.8
CVE-2025-56295 HIGH
Carmelo Computer Laboratory System - Unrestricted File Upload
CVSS 7.3
CVE-2025-10480 MEDIUM
Janobe Online Student File Management System - Improper Access Control
CVSS 6.3
CVE-2025-57176 MEDIUM
Ceragon Networks EtherHaul - Unauthenticated File Upload
CVSS 6.5
CVE-2025-10447 HIGH
Campcodes Online Job Finder System - Improper Access Control
CVSS 7.3
CVE-2025-10428 MEDIUM
Mayurik Pet Grooming Management Software - Improper Access Control
CVSS 6.3
CVE-2025-10427 MEDIUM
Mayurik Pet Grooming Management Software - Improper Access Control
CVSS 6.3
CVE-2025-10425 HIGH
1000projects Online Student Project R... - Improper Access Control
CVSS 7.3
Details
Vulnerabilities 4,011
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits