CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,012 vulnerabilities with CWE-434
CVE-2025-7181 MEDIUM
Carmelo Staff Audit System - Improper Access Control
CVSS 6.3
CVE-2025-7175 MEDIUM
Fabian E-commerce Site - Improper Access Control
CVSS 6.3
CVE-2025-27127 MEDIUM
TIA Project-Server <V2.1.1, TIA Portal <V19.4, TIA Portal <V20.3 - ...
CVSS 4.3
CVE-2025-7152 MEDIUM
Campcodes Advanced Online Voting System - Improper Access Control
CVSS 6.3
CVE-2025-7151 MEDIUM
Campcodes Advanced Online Voting System - Improper Access Control
CVSS 6.3
CVE-2025-6802 CRITICAL
Marvell QConvergeConsole - RCE
CVSS 9.8
CVE-2025-7124 MEDIUM
Anisha Online Note Sharing - Improper Access Control
CVSS 6.3
CVE-2025-7114 HIGH
Sim < 0.2.1 - Missing Authentication
CVSS 7.3
CVE-2025-7100 MEDIUM
Boyuncms < 1.4.20 - Improper Access Control
CVSS 6.3
CVE-2025-7075 MEDIUM
Blackvuenorthamerica Blackvue Dr590x ... - Improper Access Control
CVSS 6.3
CVE-2025-49414 CRITICAL
FW Gallery <8.0.0 - UAFDT
CVSS 10.0
CVE-2025-30933 CRITICAL
LiquidThemes LogisticsHub <1.1.6 - RCE
CVSS 10.0
CVE-2025-28951 CRITICAL
CreedAlly Bulk Featured Image <1.2.1 - RCE
CVSS 9.1
CVE-2025-6586 HIGH
WordPress Download Plugin <2.2.8 - RCE
CVSS 7.2
CVE-2025-5322 HIGH
E4jconnect Vikrentcar < 1.4.4 - Unrestricted File Upload
CVSS 7.2
CVE-2025-34086 HIGH
Bolt CMS <3.7.0 - Authenticated RCE
CVSS 8.8
CVE-2025-23968 CRITICAL
WPCenter AiBud WP <1.8.5 - Code Injection
CVSS 9.1
CVE-2025-5961 HIGH
Wpvivid Migration, Backup, Staging - Unrestricted File Upload
CVSS 7.2
CVE-2025-5746 CRITICAL
WooCommerce plugin <5.0.5 - Unauthenticated RCE
CVSS 9.8
CVE-2025-6900 MEDIUM
Code-projects Library System - Improper Access Control
CVSS 6.3
CVE-2025-6873 MEDIUM
Oretnom23 Simple Company Website - Improper Access Control
CVSS 4.7
CVE-2025-6872 MEDIUM
Oretnom23 Simple Company Website - Improper Access Control
CVSS 4.7
CVE-2025-6870 MEDIUM
Oretnom23 Simple Company Website - Improper Access Control
CVSS 4.7
CVE-2025-6848 MEDIUM
Simple Forum 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-6843 HIGH
Simple Photo Gallery 1.0 - Unrestricted Upload
CVSS 7.3