CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2025-26497 HIGH
Tableau Server < 2023.3.19 - Unrestricted File Upload & Path Traversal in Flow Editor
CVSS 7.3
CVE-2025-55454 HIGH
dootask 1.0.51 - Authenticated Arbitrary File Upload via /msg/sendfiles
CVSS 8.8
CVE-2025-54460 HIGH
AVEVA PI Integrator through 2020 R2 SP1 - Unrestricted File Upload
CVSS 7.1
CVE-2025-27714 MEDIUM
INFINITT PACS System Manager <= 3.0.11.5 BN9 - Remote Code Execution
CVSS 6.3
CVE-2025-24489 MEDIUM
INFINITT PACS System Manager 3.0.11.5 - Arbitrary File Upload
CVSS 6.3
CVE-2025-55743 HIGH
UnoPim <0.2.1 - File Type Validation
CVSS 8.8
CVE-2025-55383 HIGH
Moss < 0.15 - Unrestricted File Upload via Upload Function
CVSS 8.6
CVE-2025-53251 CRITICAL
An-Themes Pin WP < 7.2 - Unauthenticated Arbitrary File Upload
CVSS 9.9
CVE-2025-9296 MEDIUM
Emlog Pro <2.5.18 - Unrestricted Upload
CVSS 4.7
CVE-2025-49222 MEDIUM
Mattermost Server < 9.11.18 - Unrestricted File Upload
CVSS 6.8
CVE-2025-55746 CRITICAL
Directus 10.8.0-11.9.2 - Unauthenticated Arbitrary File Upload via File Update Mechanism
CVSS 9.3
CVE-2025-43750 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP - Unauthenticated File Upload via Form Attachment
CVSS 6.5
CVE-2025-54677 CRITICAL
vcita Online Booking & Scheduling Calendar for WordPress <= 4.5.3 - Arbitrary File Upload
CVSS 9.1
CVE-2025-53213 CRITICAL
ELEXtensions ReachShip WC <4.3.1 - Code Injection
CVSS 9.9
CVE-2025-48148 CRITICAL
StoreKeeper <14.4.4 - Unrestricted Upload
CVSS 10.0
CVE-2025-9153 MEDIUM
Online Tour and Travel Management System 1.0 - Unrestricted File Upload via Travellers Photo Parameter
CVSS 6.3
CVE-2025-8450 HIGH
FileCatalyst 5.1.6-5.2.0 Build 80 - Unauthenticated Arbitrary File Upload via Workflow Order Forms
CVSS 8.2
CVE-2025-51489 MEDIUM
moonshine < 3.12.5 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2025-50897 MEDIUM
riscv-boom SonicBOOM 1.2 - Memory Corruption
CVSS 4.3
CVE-2025-9099 MEDIUM
Acrel Environmental Monitoring Cloud Platform <20250804 - Unrestri...
CVSS 6.3
CVE-2025-7441 CRITICAL
StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload via Webhook REST-API Endpoint
CVSS 9.8
CVE-2025-6079 HIGH
School Management System for WordPress <93.2.0 - File Upload
CVSS 8.8
CVE-2025-54473 CRITICAL
Phoca Commander <5.0.1 - Authenticated RCE
CVE-2025-6679 CRITICAL
Bit Form builder plugin for WordPress <2.20.4 - File Upload
CVSS 9.8
CVE-2025-8965 MEDIUM
linlinjava litemall < 1.8.0 - Unrestricted File Upload via AdminStorageController
CVSS 6.3