CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2025-27411 MEDIUM
REDAXO < 5.18.3 - Unauthenticated Arbitrary File Upload via Media Pool
CVSS 5.4
CVE-2025-27683 HIGH
Vasion Print < 20.0.1330 and Virtual Appliance < 1.0.735 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2025-26319 CRITICAL
FlowiseAI Flowise <= 2.2.6 - Arbitrary File Upload
CVSS 9.8
CVE-2025-1890 MEDIUM
shishuocms 1.1 - Unrestricted Upload
CVSS 6.3
CVE-2025-1835 MEDIUM
osuuu LightPicture 1.2.2 - Unrestricted Upload
CVSS 6.3
CVE-2025-1834 MEDIUM
zj1983 zz <2024-8 - Unrestricted Upload
CVSS 6.3
CVE-2025-1818 MEDIUM
zj1983 zz <2024-8 - Unrestricted Upload
CVSS 6.3
CVE-2025-1791 MEDIUM
Zorlan SkyCaiji 2.9 - Unrestricted Upload
CVSS 6.3
CVE-2025-26325 CRITICAL
ShopXO 6.4.0 - Unrestricted File Upload via ThemeDataService.php
CVSS 9.8
CVE-2025-25790 CRITICAL
FoxCMS 1.2.5 - Arbitrary File Upload and Remote Code Execution via Zip File
CVSS 9.8
CVE-2025-25784 CRITICAL
jizhicms 2.5.4 - Arbitrary File Upload and Remote Code Execution via Zip File
CVSS 9.8
CVE-2025-25783 CRITICAL
Emlog Pro 2.5.3 - Arbitrary File Upload and Remote Code Execution via Zip File
CVSS 9.8
CVE-2025-0731 MEDIUM
SMA www.sunnyportal.com < 19.02.2024 - Unauthenticated Arbitrary File Upload via Demo Account
CVSS 6.5
CVE-2025-1128 CRITICAL
Everest Forms < 3.0.9.5 - Unauthenticated Arbitrary File Upload, Read, and Deletion via EVF_Form_Fields_Upload
CVSS 9.8
CVE-2025-1646 HIGH
Lumsoft ERP 8 - Unrestricted Upload
CVSS 7.3
CVE-2025-1598 MEDIUM
Best Church Management Software 1.0 - Unauthenticated Arbitrary File Upload via photo1 Parameter
CVSS 6.3
CVE-2025-1593 MEDIUM
Best Employee Management System 1.0 - Unrestricted File Upload in Profile Picture Handler
CVSS 4.7
CVE-2025-1590 MEDIUM
SourceCodester E-Learning System 1.0 - Unrestricted File Upload in List of Lessons Page
CVSS 4.7
CVE-2025-26776 CRITICAL
Chaty Pro < 3.3.3 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2025-1555 HIGH
hzmanyun Education and Training System 3.1.1 - Unrestricted File Upload via saveImage Function
CVSS 7.3
CVE-2025-22654 CRITICAL
kodeshpa Simplified <= 1.0.6 - Arbitrary File Upload
CVSS 10.0
CVE-2025-1388 HIGH
Orca HCM < 11.0 - Authenticated Arbitrary File Upload
CVSS 8.8
CVE-2025-1355 HIGH
needyamin Library Card System 1.0 - Unrestricted File Upload in Add Picture Component
CVSS 7.3
CVE-2025-1070 HIGH
Schneider Electric ASCO 5310 and 5350 - Unrestricted Upload of File with Dangerous Type
CVSS 8.1
CVE-2025-26350 MEDIUM
Q-Free MaxTime <= 2.11.0 - Authenticated Unrestricted Upload of File with Dangerous Type via Template File Upload
CVSS 4.9