CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,119 vulnerabilities with CWE-434
CVE-2025-8344
MEDIUM
viglet shio < 0.3.8 - Unrestricted File Upload via ShStaticFileUpload Function
CVSS 6.3
CVE-2025-8323
HIGH
Ventem e-School - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 8.8
CVE-2025-54769
HIGH
lpar2rrd < 8.04 - Authenticated Directory Traversal and Remote Code Execution via File Upload
CVSS 8.8
CVE-2025-8265
MEDIUM
299Ko CMS 2.0.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-8256
MEDIUM
Online Ordering System 1.0 - Unrestricted File Upload via Image Parameter
CVSS 6.3
CVE-2025-8255
HIGH
code-projects Exam Form Submission 1.0 - Unrestricted File Upload via Image Parameter in Register.php
CVSS 7.3
CVE-2025-8174
MEDIUM
code-projects Voting System 1.0 - Unrestricted File Upload via Photo Argument
CVSS 6.3
CVE-2025-8171
MEDIUM
code-projects Document Management System 1.0 - Unrestricted File Upload via /insert.php uploaded_file Parameter
CVSS 6.3
CVE-2025-52449
HIGH
Tableau Server < 2025.1.3, < 2024.2.12, < 2023.3.19 - Remote Code Execution via Deceptive Filename Upload
CVSS 8.5
CVE-2025-5831
HIGH
Droip < 2.5.2 - Authenticated Arbitrary File Upload via make_google_font_offline()
CVSS 8.8
CVE-2025-8128
MEDIUM
zhousg letao <7d8df0386a65228476290949e0413de48f7fbe98 - Unrestrict...
CVSS 6.3
CVE-2025-5243
CRITICAL
SMG Software Information Portal <13.06.2025 - OS Command Injection
CVSS 10.0
CVE-2025-7852
CRITICAL
WPBookit <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle()
CVSS 9.8
CVE-2025-7437
CRITICAL
Ebook Store plugin <5.8012 - File Upload
CVSS 9.8
CVE-2025-47187
HIGH
Mitel 6800-6900w Series - File Upload
CVSS 7.5
CVE-2025-46099
HIGH
Pluck CMS 4.7.20-dev - Authenticated Arbitrary File Upload and Remote Code Execution via Albums Module
CVSS 7.2
CVE-2025-40599
CRITICAL
SonicWall SMA 210/410/500v Firmware < 10.2.2.1-90sv - Authenticated Arbitrary File Upload
CVSS 9.1
CVE-2025-54449
CRITICAL
Samsung MagicINFO 9 Server < 21.1080.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2025-54448
CRITICAL
Samsung MagicINFO 9 Server < 21.1080.0 - Code Injection via Unrestricted File Upload
CVSS 9.8
CVE-2025-54447
HIGH
Samsung MagicINFO 9 Server < 21.1080.0 - Code Injection via Unrestricted File Upload
CVSS 8.1
CVE-2025-54444
CRITICAL
Samsung MagicINFO 9 Server < 21.1080.0 - Code Injection via Unrestricted File Upload
CVSS 9.8
CVE-2025-54442
CRITICAL
Samsung MagicINFO 9 Server < 21.1080.0 - Code Injection via Unrestricted File Upload
CVSS 9.8
CVE-2025-54441
HIGH
Samsung MagicINFO 9 Server < 21.1080.0 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2025-54440
CRITICAL
Samsung MagicINFO 9 Server < 21.1080.0 - Code Injection via Unrestricted File Upload
CVSS 9.8
CVE-2025-54439
HIGH
Samsung MagicINFO 9 Server < 21.1080.0 - Code Injection via Unrestricted File Upload
CVSS 8.8
Details
Vulnerabilities: 4,119
Exploit Likelihood: Medium