CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,012 vulnerabilities with CWE-434
CVE-2025-2978 MEDIUM
WCMS 11 - Unrestricted Upload
CVSS 6.3
CVE-2025-2973 MEDIUM
College Management System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-2952 MEDIUM
Bluestar Micro Mall 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-2249 HIGH
SoJ SoundSlides <1.2.2 - RCE
CVSS 8.8
CVE-2025-2006 HIGH
BBPress plugin <1.1.19 - RCE
CVSS 8.8
CVE-2025-2819 MEDIUM
GT-SoftControl - Info Disclosure
CVSS 6.6
CVE-2025-2749 HIGH KEV
Kentico Xperience < 13.0.178 - Path Traversal
CVSS 7.2
CVE-2025-2748 MEDIUM
Kentico Xperience CMS - Unauthenticated Stored XSS
CVSS 6.1
CVE-2025-2706 MEDIUM
Digiwin ERP 5.0.1 - Unrestricted Upload
CVSS 6.3
CVE-2025-2705 HIGH
Digiwin ERP 5.1 - Unrestricted Upload
CVSS 7.3
CVE-2025-2702 MEDIUM
Softwin WMX3 3.1 - Unrestricted Upload
CVSS 6.3
CVE-2025-2687 MEDIUM
PHPGurukul eLearning System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-2671 MEDIUM
Yue Lao Blind Box <4.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-2607 MEDIUM
Phplaozhang Lzcms-laozhangbokexitong < 1.1.4 - Improper Access Control
CVSS 6.3
CVE-2025-2606 MEDIUM
Mayurik Best Church Management Software - Improper Access Control
CVSS 6.3
CVE-2025-29411 CRITICAL
Martmbithi Ibanking - Unrestricted File Upload
CVSS 9.8
CVE-2025-29405 MEDIUM
Emlog < 2.5.7 - Unrestricted File Upload
CVSS 6.3
CVE-2025-2512 CRITICAL
File Away < 3.9.9.0.1 - Unrestricted File Upload
CVSS 9.8
CVE-2025-24801 HIGH
Glpi < 10.0.18 - Unrestricted File Upload
CVSS 8.5
CVE-2025-2494 CRITICAL
Sytel Ltd. Softdial Contact Center - Unrestricted File Upload
CVSS 9.8
CVE-2025-2396 HIGH
Edetw U-office Force < 28.0 - Unrestricted File Upload
CVSS 8.8
CVE-2025-2350 MEDIUM
Iroadau Fx2 Firmware < 2025-03-08 - Improper Access Control
CVSS 6.3
CVE-2025-2219 HIGH
Lovecards < 2.3.2 - Improper Access Control
CVSS 7.3
CVE-2025-2216 MEDIUM
Zzskzy Warehouse Refinement Managemen... - Improper Access Control
CVSS 6.3
CVE-2025-28915 CRITICAL
ThemeEgg ToolKit <1.2.9 - RCE
CVSS 9.1