CWE-434
Unrestricted Upload of File with Dangerous Type
Medium likelihood
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,119 vulnerabilities with CWE-434
CVE-2024-22641
HIGH
TCPDF < 6.7.4 - Regular Expression Denial of Service via SVG File Parsing
CVSS 7.5
CVE-2024-35510
CRITICAL
dedecms v5.7.114 - Arbitrary File Upload via file_manage_control.php
CVSS 9.8
CVE-2024-5377
HIGH
SourceCodester Vehicle Management System 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2024-35593
MEDIUM
Raingad IM 4.1.4 - Remote Code Execution via Crafted PDF File Upload
CVSS 5.5
CVE-2024-1332
MEDIUM
Custom Fonts - Host Your Fonts Locally <= 2.1.4 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-5247
HIGH
NETGEAR ProSAFE Network Management System < 1.7.0.37 - Authenticated Remote Code Execution via UpLoadServlet
CVSS 8.8
CVE-2024-35570
CRITICAL
inxedu v2.0.6 - Arbitrary File Upload and Remote Code Execution via ImageUploadController
CVSS 9.8
CVE-2024-35375
CRITICAL
dedecms 5.7.114 - Unauthenticated Arbitrary File Upload via Media Add Page
CVSS 9.8
CVE-2024-35080
CRITICAL
inxedu 2024.4 - Arbitrary File Upload via gok4 Method
CVSS 9.8
CVE-2024-35079
CRITICAL
inxedu 2024.4 - Arbitrary File Upload via uploadAudio Method
CVSS 9.8
CVE-2024-5084
CRITICAL
Hash Form - Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload via file_upload_action Function
CVSS 9.8
CVE-2024-5145
MEDIUM
SourceCodester Vehicle Management System <1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-5050
MEDIUM
Wangshen SecGate 3600 - Unrestricted Upload
CVSS 6.3
CVE-2024-5049
MEDIUM
Codezips E-Commerce Site 1.0 - Unrestricted File Upload via profilepic Argument
CVSS 6.3
CVE-2024-5047
HIGH
SourceCodester Student Management System 1.0 - Unrestricted File Upload via Photo Parameter
CVSS 7.3
CVE-2024-34982
CRITICAL
lylme_spage 1.9.5 - Arbitrary File Upload and Remote Code Execution via /include/file.php
CVSS 9.8
CVE-2024-5043
MEDIUM
Emlog Pro 2.3.4 - Unrestricted File Upload via Admin Setting
CVSS 4.7
CVE-2024-32809
CRITICAL
JumpDEMAND Inc. ActiveDEMAND <0.2.41 - Unrestricted Upload
CVSS 10.0
CVE-2024-33556
HIGH
8theme XStore Core <= 5.3.8 - Unrestricted Upload of File with Dangerous Type
CVSS 8.2
CVE-2024-31351
CRITICAL
Copymatic - AI Content Writer & Generator <= 1.6 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-4966
HIGH
SourceCodester SchoolWebTech 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2024-4964
MEDIUM
D-Link DAR-7000-40 - Unrestricted Upload
CVSS 6.3
CVE-2024-4963
MEDIUM
D-Link DAR-7000-40 - Unrestricted Upload
CVSS 6.3
CVE-2024-4962
MEDIUM
D-Link DAR-7000-40 V31R02B1413C - Unrestricted Upload
CVSS 6.3
CVE-2024-4961
MEDIUM
D-Link DAR-7000-40 - Unrestricted Upload
CVSS 6.3
Details
Vulnerabilities: 4,119
Exploit Likelihood: Medium