CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,016 vulnerabilities with CWE-434
CVE-2024-25623 HIGH
Mastodon <4.2.7, 4.1.15, 4.0.15, 3.5.19 - Info Disclosure
CVSS 8.5
CVE-2024-25627 LOW
Alf.io <2.0-M4-2402 - XSS
CVSS 3.5
CVE-2024-22426 HIGH
Dell RecoverPoint for Virtual Machines <6.0.SP1 - Command Injection
CVSS 7.2
CVE-2024-25414 CRITICAL
CSZ CMS <1.3.0 - Code Injection
CVSS 9.8
CVE-2024-23811 HIGH
Siemens Sinec Nms < 2.0 - Unrestricted File Upload
CVSS 8.8
CVE-2024-23762 HIGH
Gambio - Unrestricted File Upload
CVSS 7.8
CVE-2024-23759 CRITICAL
Gambio - Insecure Deserialization
CVSS 9.8
CVE-2024-25674 CRITICAL
Misp < 2.4.184 - Unrestricted File Upload
CVSS 9.8
CVE-2024-24393 CRITICAL
Oaooa Pichome - Unrestricted File Upload
CVSS 9.8
CVE-2024-24202 CRITICAL
Easycorp Zentao - Unrestricted File Upload
CVSS 9.8
CVE-2024-24350 HIGH
Softwarepublico E-sic Livre < 2.0 - Unrestricted File Upload
CVSS 8.8
CVE-2024-24026 CRITICAL
Xxyopen Novel-plus < 4.2.0 - Unrestricted File Upload
CVSS 9.8
CVE-2024-24025 CRITICAL
Xxyopen Novel-plus < 4.2.0 - Unrestricted File Upload
CVSS 9.8
CVE-2024-24024 CRITICAL
Xxyopen Novel-plus < 4.2.0 - Unrestricted File Upload
CVSS 9.8
CVE-2024-1268 MEDIUM
CodeAstro Restaurant POS System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-1264 MEDIUM
Juanpao JPShop <1.5.02 - Unrestricted Upload
CVSS 6.3
CVE-2024-1263 MEDIUM
Juanpao JPShop <1.5.02 - Unrestricted Upload
CVSS 6.3
CVE-2024-1262 MEDIUM
Juanpao JPShop <1.5.02 - Unrestricted Upload
CVSS 6.3
CVE-2024-1261 MEDIUM
Juanpao JPShop <1.5.02 - Unrestricted Upload
CVSS 6.3
CVE-2024-1260 MEDIUM
Juanpao Jpshop < 1.5.02 - Unrestricted File Upload
CVSS 6.3
CVE-2024-22515 HIGH
iSpyConnect.com Agent DVR <5.1.6.0 - Code Injection
CVSS 8.8
CVE-2024-1259 MEDIUM
Juanpao Jpshop < 1.5.02 - Unrestricted File Upload
CVSS 6.3
CVE-2024-1253 MEDIUM
Byzoro Smart S40 Firmware < 2024-01-26 - Unrestricted File Upload
CVSS 4.7
CVE-2024-24000 CRITICAL
Huaxiaerp Jsherp - Unrestricted File Upload
CVSS 9.8
CVE-2024-0699 MEDIUM
AI Engine: Chatbots, Generators, Assistants, GPT 4 - File Upload
CVSS 6.6
Details
Vulnerabilities 4,016
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits