CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,012 vulnerabilities with CWE-434
CVE-2025-54444 [CRITICAL, CVSS 9.8] Samsung Magicinfo 9 Server < 21.1080.0 - Unrestricted File Upload
CVE-2025-54442 [CRITICAL, CVSS 9.8] Samsung Magicinfo 9 Server < 21.1080.0 - Unrestricted File Upload
CVE-2025-54441 [HIGH, CVSS 8.8] Samsung Magicinfo 9 Server < 21.1080.0 - Unrestricted File Upload
CVE-2025-54440 [CRITICAL, CVSS 9.8] Samsung Magicinfo 9 Server < 21.1080.0 - Unrestricted File Upload
CVE-2025-54439 [HIGH, CVSS 8.8] Samsung Magicinfo 9 Server < 21.1080.0 - Unrestricted File Upload
CVE-2025-7939 [MEDIUM, CVSS 6.3] Jerryshensjf JPACookieShop JPA 1.0 - Unrestricted Upload
CVE-2025-54071 [CRITICAL] RomM <4.0.0-beta.3 - Authenticated RCE
CVE-2025-7931 [HIGH, CVSS 7.3] Church Donation System 1.0 - Unrestricted Upload
CVE-2025-54082 [HIGH] Marshmallow Nova-tiptap < 5.7.0 - Unrestricted File Upload
CVE-2025-32744 [MEDIUM, CVSS 6.6] Dell Appsync < 4.6.0.4 - Unrestricted File Upload
CVE-2025-44658 [CRITICAL, CVSS 9.8] Netgear Rax30 Firmware - Unrestricted File Upload
CVE-2025-7917 [HIGH, CVSS 7.2] WinMatrix3 Web - RCE
CVE-2025-7906 [MEDIUM, CVSS 6.3] yangzongzhuan RuoYi <4.8.1 - Unrestricted Upload
CVE-2025-7898 [MEDIUM, CVSS 4.7] Codecanyon iDentSoft 2.0 - Unrestricted Upload
CVE-2025-7895 [MEDIUM, CVSS 6.3] harry0703 MoneyPrinterTurbo <1.2.6 - Unrestricted Upload
CVE-2025-46384 [HIGH, CVSS 8.8] Emby - Unrestricted Upload of File with Dangerous Type
CVE-2025-7880 [MEDIUM, CVSS 6.3] MetaCRM <6.4.2 - Unrestricted Upload
CVE-2025-7879 [MEDIUM, CVSS 6.3] MetaCRM <6.4.2 - Unrestricted Upload
CVE-2025-7878 [MEDIUM, CVSS 6.3] MetaCRM <6.4.2 - Unrestricted Upload
CVE-2025-7877 [MEDIUM, CVSS 6.3] MetaCRM <6.4.2 - Unrestricted Upload
CVE-2025-7864 [MEDIUM, CVSS 6.3] thinkgem JeeSite <5.12.0 - Unrestricted Upload
CVE-2025-46001 [CRITICAL, CVSS 9.8] Simogeo Filemanager < 1.1 - Unrestricted File Upload
CVE-2025-7438 [HIGH, CVSS 7.5] MasterStudy LMS Pro <4.7.9 - RCE
CVE-2025-6222 [CRITICAL, CVSS 9.8] WooCommerce Refund And Exchange - File Upload
CVE-2025-7755 [MEDIUM, CVSS 6.3] Code-projects Online Ordering System 1.0 - Unrestricted Upload