CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,010 vulnerabilities with CWE-434
CVE-2026-23499 MEDIUM
Saleor <3.20.108-3.22.27 - Code Injection
CVSS 5.4
CVE-2026-1222 HIGH
PrismX MX100 AP - RCE
CVSS 7.2
CVE-2026-1152 MEDIUM
Technical-laohu Mpay < 1.2.4 - Improper Access Control
CVSS 4.7
CVE-2026-1126 MEDIUM
LWJ Flow - Unrestricted File Upload in SVG File Handler
CVSS 6.3
CVE-2026-1107 MEDIUM
EyouCMS <1.7.1/5.0 - Unrestricted Upload
CVSS 6.3
CVE-2026-1061 MEDIUM
xiweicheng TMS <2.28.0 - Unrestricted Upload
CVSS 6.3
CVE-2026-21625 HIGH
Stackideas Easydiscuss < 5.0.15 - Unrestricted File Upload
CVSS 8.8
CVE-2026-1021 CRITICAL
Gotac Police Statistics Database System - Unrestricted File Upload
CVSS 9.8
CVE-2026-0496 MEDIUM
SAP Fiori App Intercompany Balance Reconciliation - File Upload
CVSS 6.6
CVE-2026-22799 HIGH
Emlog < 2.6.1 - Unrestricted File Upload
CVSS 8.8
CVE-2026-22789 MEDIUM
Wem - Unrestricted File Upload
CVSS 5.4
CVE-2026-22786 HIGH
Flipped-aurora Gin-vue-admin - Path Traversal
CVSS 7.2
CVE-2026-22783 CRITICAL
Iris <2.4.24 - Privilege Escalation
CVSS 9.6
CVE-2026-22241 HIGH
Openeclass < 4.1 - Unrestricted File Upload
CVSS 7.2
CVE-2026-21877 CRITICAL
N8n < 1.121.3 - Code Injection
CVSS 9.9
CVE-2026-0643 HIGH
Projectworlds House Rental And Proper... - Improper Access Control
CVSS 7.3
CVE-2026-0577 MEDIUM
Fabian Online Product Reservation System - Improper Access Control
CVSS 6.3
CVE-2026-0566 MEDIUM
Code-projects Content Management System - Improper Access Control
CVSS 4.7
CVE-2026-0547 MEDIUM
Phpgurukul Online Course Registration < 3.1 - Improper Access Control
CVSS 6.3
CVE-2025-36074 MEDIUM
Security vulnerability has been detected in IBM Security Verify Directory
CVSS 5.5
CVE-2025-14938 MEDIUM
Listeo-Core - Directory Plugin by Purethemes <= 2.0.27 - Unauthenticated Arbitrary Media Upload
CVSS 5.3
CVE-2025-59710 HIGH
Biztalk360 <11.5 - RCE
CVSS 8.8
CVE-2025-32957 HIGH
baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)
CVSS 8.7
CVE-2025-55267 MEDIUM
HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability
CVSS 5.7
CVE-2025-60947 HIGH
Census CSWeb 8.0.1 - Arbitrary File Upload
CVSS 8.8