CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,011 vulnerabilities with CWE-434
CVE-2025-36174 HIGH
IBM Integrated Analytics System < 1.0.31.0 - Unrestricted File Upload
CVSS 8.0
CVE-2025-43766 CRITICAL
Liferay Digital Experience Platform - Unrestricted File Upload
CVSS 9.8
CVE-2025-55455 LOW
DooTask v1.0.51 - Authenticated Download
CVSS 3.5
CVE-2025-26498 HIGH
Tableau Server < 2023.3.19 - Unrestricted File Upload
CVSS 7.3
CVE-2025-26497 HIGH
Tableau Server < 2023.3.19 - Unrestricted File Upload
CVSS 7.3
CVE-2025-55454 HIGH
DooTask 1.0.51 - Code Injection
CVSS 8.8
CVE-2025-54460 HIGH
AVEVA PI Integrator through 2020 R2 SP1 - Unrestricted File Upload
CVSS 7.1
CVE-2025-27714 MEDIUM
INFINITT PACS System Manager <= 3.0.11.5 BN9 - Remote Code Execution
CVSS 6.3
CVE-2025-24489 MEDIUM
Unknown Product <Unknown Version - File Upload
CVSS 6.3
CVE-2025-55743 HIGH
UnoPim <0.2.1 - File Type Validation
CVSS 8.8
CVE-2025-55383 HIGH
Moss <0.15 - File Upload
CVSS 8.6
CVE-2025-53251 CRITICAL
An-Themes Pin WP <7.2 - RCE
CVSS 9.9
CVE-2025-9296 MEDIUM
Emlog Pro <2.5.18 - Unrestricted Upload
CVSS 4.7
CVE-2025-49222 MEDIUM
Mattermost Server < 9.11.18 - Unrestricted File Upload
CVSS 6.8
CVE-2025-55746 CRITICAL
Directus <11.9.3 - File Upload
CVSS 9.3
CVE-2025-43750 MEDIUM
Liferay Digital Experience Platform - Unrestricted File Upload
CVSS 6.5
CVE-2025-54677 CRITICAL
Vcita Online Booking & Scheduling Calendar - Unrestricted File Upload
CVSS 9.1
CVE-2025-53213 CRITICAL
ELEXtensions ReachShip WC <4.3.1 - Code Injection
CVSS 9.9
CVE-2025-48148 CRITICAL
StoreKeeper <14.4.4 - Unrestricted Upload
CVSS 10.0
CVE-2025-9153 MEDIUM
Mayurik Online Tour & Travel Management System - Improper Access Control
CVSS 6.3
CVE-2025-8450 HIGH
FileCatalyst - Info Disclosure
CVSS 8.2
CVE-2025-51489 MEDIUM
MoonShine <3.12.5 - XSS
CVSS 5.4
CVE-2025-50897 MEDIUM
riscv-boom SonicBOOM 1.2 - Memory Corruption
CVSS 4.3
CVE-2025-9099 MEDIUM
Acrel Environmental Monitoring Cloud Platform <20250804 - Unrestri...
CVSS 6.3
CVE-2025-7441 CRITICAL
StoryChief WordPress <1.0.42 - RCE
CVSS 9.8