CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,117 vulnerabilities with CWE-434
CVE-2025-10763 MEDIUM
Academico-sis <d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab - Unrestric...
CVSS 6.3
CVE-2025-10755 MEDIUM
Selleo Mentingo 2025.08.27 - Unrestricted Upload
CVSS 6.3
CVE-2025-10741 MEDIUM
Selleo Mentingo <2025.08.27 - Unrestricted Upload
CVSS 6.3
CVE-2025-34195 CRITICAL
Vasion Print Virtual Appliance Host <1.0.735 & Application <20.0.1330 - RCE via Unquoted Path
CVSS 9.8
CVE-2025-10647 HIGH
Embed PDF for WPForms <= 1.1.5 - Authenticated Arbitrary File Upload via ajax_handler_download_pdf_media
CVSS 8.8
CVE-2025-55912 HIGH
ClipBucket <5.5.0 - Unauthenticated File Upload
CVSS 7.3
CVE-2025-10669 MEDIUM
Airsonic-Advanced <10.6.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-40678 MEDIUM
Summar Software's Portal del Empleado - Unrestricted Upload
CVE-2025-10616 MEDIUM
itsourcecode E-Commerce Website 1.0 - Unrestricted File Upload in /admin/users.php
CVSS 6.3
CVE-2025-10615 MEDIUM
itsourcecode E-Commerce Website 1.0 - Unrestricted File Upload in /admin/products.php
CVSS 6.3
CVE-2025-10600 HIGH
SourceCodester Online Exam Form Submission 1.0 - Unrestricted File Upload via register.php img Argument
CVSS 7.3
CVE-2025-9216 HIGH
StoreEngine < 1.5.0 - Authenticated Arbitrary File Upload via CSV Import Function
CVSS 8.8
CVE-2025-56263 HIGH
by-night sms V1.0 - Arbitrary File Upload via Head Image Endpoint
CVSS 8.8
CVE-2025-56295 HIGH
Computer Laboratory System 1.0 - Authenticated Arbitrary File Upload via Avatar Modification
CVSS 7.3
CVE-2025-10480 MEDIUM
Online Student File Management System 1.0 - Unrestricted File Upload via save_file.php
CVSS 6.3
CVE-2025-57176 MEDIUM
Ceragon Networks EtherHaul - Unauthenticated File Upload
CVSS 6.5
CVE-2025-10447 HIGH
Campcodes Online Job Finder System 1.0 - Unrestricted File Upload via Picture Argument
CVSS 7.3
CVE-2025-10428 MEDIUM
Pet Grooming Management Software 1.0 - Unrestricted File Upload via SEO Setting Handler
CVSS 6.3
CVE-2025-10427 MEDIUM
SourceCodester Pet Grooming Management Software 1.0 - Unrestricted File Upload via User Profile Image
CVSS 6.3
CVE-2025-10425 HIGH
1000projects Online Student Project Report Submission and Evaluation System 1.0 - Unrestricted File Upload
CVSS 7.3
CVE-2025-10424 HIGH
Online Student Project Report Submission and Evaluation System 1.0 - Unrestricted File Upload via new_image Argument
CVSS 7.3
CVE-2025-10398 MEDIUM
fcba_zzm Smart Park Management System 2.0 - Unrestricted File Upload in FileUploadUtils.java
CVSS 6.3
CVE-2025-10371 HIGH
eCharge Hardy Barth Salia PLCC <2.3.81 - Unrestricted Upload
CVSS 7.3
CVE-2025-45586 HIGH
Audi Universal Traffic Recorder Firmware - Arbitrary File Write via PUT Request
CVSS 7.5
CVE-2025-55835 CRITICAL
SueamCMS 0.1.2 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8