CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,012 vulnerabilities with CWE-434
CVE-2025-48889 MEDIUM
Gradio <5.31.0 - Path Traversal
CVSS 5.3
CVE-2025-48471 CRITICAL
FreeScout <1.8.179 - RCE
CVSS 9.8
CVE-2025-46080 MEDIUM
Huocms - Unrestricted File Upload
CVSS 5.3
CVE-2025-46078 MEDIUM
Huocms - Unrestricted File Upload
CVSS 5.3
CVE-2025-45997 HIGH
Senior-walter Web-based Pharmacy Prod... - Unrestricted File Upload
CVSS 8.6
CVE-2025-5299 HIGH
Lerouxyxchire Client Database Managem... - Improper Access Control
CVSS 7.3
CVE-2025-4800 HIGH
MasterStudy LMS Pro <4.7.0 - File Upload
CVSS 8.8
CVE-2025-5178 MEDIUM
Realcetecnologia Queue Ticket Kiosk - Improper Access Control
CVSS 6.3
CVE-2025-5171 MEDIUM
Llisoft Mta Maita Training System - Improper Access Control
CVSS 6.3
CVE-2025-5162 MEDIUM
H3C Seccenter Smp-1114p02 < 20250513 - Improper Access Control
CVSS 6.3
CVE-2025-5131 MEDIUM
Project Team Tmall Demo < 2025-05-05 - Improper Access Control
CVSS 4.7
CVE-2025-5130 MEDIUM
Project Team Tmall Demo < 2025-05-05 - Improper Access Control
CVSS 4.7
CVE-2025-5058 CRITICAL
eMagicOne Store Manager <1.2.5 - RCE
CVSS 9.8
CVE-2025-4336 HIGH
Emagicone Store Manager For Woocommerce - Unrestricted File Upload
CVSS 8.1
CVE-2025-5108 MEDIUM
Shopxo - Improper Access Control
CVSS 6.3
CVE-2025-47687 CRITICAL
StoreKeeper <14.4.4 - Code Injection
CVSS 10.0
CVE-2025-47663 CRITICAL
Mojoomla Hospital Management System <11 - RCE
CVSS 9.9
CVE-2025-47658 CRITICAL
Elula Wsdesk < 3.3.0 - Unrestricted File Upload
CVSS 9.9
CVE-2025-47642 CRITICAL
Ajar in5 Embed <3.1.5 - RCE
CVSS 10.0
CVE-2025-47641 CRITICAL
Printcart Web to Print Product Designer for WooCommerce <2.3.8 - Co...
CVSS 10.0
CVE-2025-47637 CRITICAL
STAGGS <2.11.0 - Code Injection
CVSS 10.0
CVE-2025-46490 CRITICAL
Crossword Compiler Puzzles <5.2 - RCE
CVSS 9.9
CVE-2025-31916 CRITICAL
joy2012bd JP Students Result Management System Premium <1.1.7 - RCE
CVSS 9.0
CVE-2025-30173 MEDIUM
ASPECT <3.08.03 - Info Disclosure
CVSS 6.7
CVE-2025-30169 MEDIUM
ASPECT <3.08.03 - Code Injection
CVSS 6.7
Details
Vulnerabilities: 4,012
Exploit likelihood: Medium