CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,012 vulnerabilities with CWE-434
CVE-2025-44139 (HIGH, CVSS 7.2): Emlog - Unrestricted File Upload
CVE-2025-7443 (HIGH, CVSS 8.1): BerqWP <2.2.42 - RCE
CVE-2025-8379 (MEDIUM, CVSS 4.7): Campcodes Online Hotel Reservation System - Improper Access Control
CVE-2025-54757 (MEDIUM, CVSS 6.5): Alfasado Powercms < 4.61 - Unrestricted File Upload
CVE-2025-7847 (HIGH, CVSS 8.8): AI Engine plugin <2.9.4 - RCE
CVE-2025-8344 (MEDIUM, CVSS 6.3): Viglet Shio < 0.3.8 - Improper Access Control
CVE-2025-8323 (HIGH, CVSS 8.8): Ventem e-School - RCE
CVE-2025-54769 (HIGH, CVSS 8.8): Xorux Lpar2rrd < 8.04 - Remote Code Execution
CVE-2025-8265 (MEDIUM, CVSS 4.7): 299Ko CMS 2.0.0 - Unrestricted Upload
CVE-2025-8256 (MEDIUM, CVSS 6.3): Fabian Online Ordering System - Improper Access Control
CVE-2025-8255 (HIGH, CVSS 7.3): Code-projects Exam Form Submission - Improper Access Control
CVE-2025-8174 (MEDIUM, CVSS 6.3): Fabian Voting System - Improper Access Control
CVE-2025-8171 (MEDIUM, CVSS 6.3): Fabian Document Management System - Improper Access Control
CVE-2025-52449 (HIGH, CVSS 8.5): Tableau Server < 2023.3.19 - Unrestricted File Upload
CVE-2025-5831 (HIGH, CVSS 8.8): Droip plugin - File Upload
CVE-2025-8128 (MEDIUM, CVSS 6.3): zhousg letao <7d8df0386a65228476290949e0413de48f7fbe98 - Unrestrict...
CVE-2025-5243 (CRITICAL, CVSS 10.0): SMG Software Information Portal <13.06.2025 - OS Command Injection
CVE-2025-7852 (CRITICAL, CVSS 9.8): WPBookit <1.0.6 - File Upload
CVE-2025-7437 (CRITICAL, CVSS 9.8): Ebook Store plugin <5.8012 - File Upload
CVE-2025-47187 (HIGH, CVSS 7.5): Mitel 6800-6900w Series - File Upload
CVE-2025-46099 (HIGH, CVSS 7.2): Pluck - Unrestricted File Upload
CVE-2025-40599 (CRITICAL, CVSS 9.1): Sonicwall Sma 210 Firmware < 10.2.2.1-90sv - Unrestricted File Upload
CVE-2025-54449 (CRITICAL, CVSS 9.8): Samsung Magicinfo 9 Server < 21.1080.0 - Unrestricted File Upload
CVE-2025-54448 (CRITICAL, CVSS 9.8): Samsung Magicinfo 9 Server < 21.1080.0 - Unrestricted File Upload
CVE-2025-54447 (HIGH, CVSS 8.1): Samsung Magicinfo 9 Server < 21.1080.0 - Unrestricted File Upload