CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2025-7939 MEDIUM (CVSS 6.3): Jerryshensjf JPACookieShop JPA 1.0 - Unrestricted Upload
CVE-2025-54071 CRITICAL: RomM <4.0.0-beta.3 - Authenticated RCE
CVE-2025-7931 HIGH (CVSS 7.3): Church Donation System 1.0 - Unrestricted Upload
CVE-2025-54082 HIGH: marshmallow-packages/nova-tiptap < 5.7.0 - Unauthenticated Arbitrary File Upload via /nova-tiptap/api/file Endpoint
CVE-2025-32744 MEDIUM (CVSS 6.6): Dell AppSync < 4.6.0.4 - Authenticated Unrestricted Upload of File with Dangerous Type
CVE-2025-44658 CRITICAL (CVSS 9.8): Netgear RAX30 V1.0.10.94 - Remote Code Execution via PHP-FPM Misconfiguration
CVE-2025-7917 HIGH (CVSS 7.2): Simopro WinMatrix3 Web - Authenticated Web Shell Upload
CVE-2025-7906 MEDIUM (CVSS 6.3): yangzongzhuan RuoYi <4.8.1 - Unrestricted Upload
CVE-2025-7898 MEDIUM (CVSS 4.7): Codecanyon iDentSoft 2.0 - Unrestricted Upload
CVE-2025-7895 MEDIUM (CVSS 6.3): harry0703 MoneyPrinterTurbo <1.2.6 - Unrestricted Upload
CVE-2025-46384 HIGH (CVSS 8.8): Emby - Unrestricted Upload of File with Dangerous Type
CVE-2025-7880 MEDIUM (CVSS 6.3): MetaCRM <6.4.2 - Unrestricted Upload
CVE-2025-7879 MEDIUM (CVSS 6.3): MetaCRM <6.4.2 - Unrestricted Upload
CVE-2025-7878 MEDIUM (CVSS 6.3): MetaCRM <6.4.2 - Unrestricted Upload
CVE-2025-7877 MEDIUM (CVSS 6.3): MetaCRM <6.4.2 - Unrestricted Upload
CVE-2025-7864 MEDIUM (CVSS 6.3): thinkgem JeeSite <5.12.0 - Unrestricted Upload
CVE-2025-46001 CRITICAL (CVSS 9.8): simogeo Filemanager 2.3.0 - Arbitrary File Upload via is_allowed_file_type() Function
CVE-2025-7438 HIGH (CVSS 7.5): MasterStudy LMS Pro <= 4.7.9 - Authenticated Arbitrary File Upload via 'install_and_activate_plugin' Function
CVE-2025-6222 CRITICAL (CVSS 9.8): WooCommerce Refund And Exchange - File Upload
CVE-2025-7755 MEDIUM (CVSS 6.3): Code-projects Online Ordering System 1.0 - Unrestricted Upload
CVE-2025-34121 CRITICAL: Idera Up.Time Monitoring Station <=7.2 - RCE
CVE-2025-20274 MEDIUM (CVSS 6.3): Cisco Unified Intelligence Center - File Upload
CVE-2025-48300 CRITICAL (CVSS 9.1): Adrian Tobey Groundhogg <4.2.1 - RCE
CVE-2025-29009 CRITICAL (CVSS 10.0): Webkul Medical Prescription Attachment Plugin <1.2.3 - RCE
CVE-2025-34111 CRITICAL (CVSS 9.8): Tiki Wiki CMS Groupware < 15.1 - Unauthenticated Arbitrary File Upload via ELFinder Connector