CWE-434
4,107 CVEs • Abstraction: Base • Likelihood of Exploit: Medium
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CVEs (4,107)
| CVE | Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|---|
| | 1: Adobe | 2: Adobe Commerce, Magento Open Source | Jun 17, 2026 | Sep 1, 2021 | v4 N/A · v3 7.2 HIGH · v2 6.5 MEDIUM | Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin pri... |
| | 1: Adobe | 2: Adobe Commerce, Magento Open Source | Jun 17, 2026 | Sep 1, 2021 | v4 N/A · v3 7.2 HIGH · v2 6.5 MEDIUM | Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted f... |
| | | | | | | IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633. |
| | | | | | | KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer re... |
| | | | | | | Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. |
| | 1: Zohocorp | 1: Manageengine Log360 | Jun 17, 2026 | Aug 29, 2021 | v4 N/A · v3 9.8 CRITICAL · v2 7.5 HIGH | Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. |
| | | | | | | An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. |
| | | | | | | An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows remote attackers to upload any files to the /tmp directory of the device through the webpage API. This can... |
| | 1: Nascent | 1: Remkon Device Manager | Jun 17, 2026 | Aug 24, 2021 | v4 N/A · v3 9.8 CRITICAL · v2 10.0 HIGH | The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution. |
| | | | | | | Remote Code Execution (RCE) vulnerability exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user execute arbitrary PHP code. |
| | 5: Debian, Fedoraproject, Netapp, +2 more | 15: Business Activity Monitoring, Commerce Guided Search, Communications Billing And Revenue Management Elastic Charging Engine, +12 more | Jun 17, 2026 | Aug 23, 2021 | v4 N/A · v3 8.5 HIGH · v2 6.0 MEDIUM | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the p... |
| | 5: Debian, Fedoraproject, Netapp, +2 more | 13: Business Activity Monitoring, Communications Billing And Revenue Management Elastic Charging Engine, Communications Cloud Native Core Automated Test Suite, +10 more | Jun 17, 2026 | Aug 23, 2021 | v4 N/A · v3 8.5 HIGH · v2 6.0 MEDIUM | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the p... |
| | 5: Debian, Fedoraproject, Netapp, +2 more | 15: Business Activity Monitoring, Commerce Guided Search, Communications Billing And Revenue Management Elastic Charging Engine, +12 more | Jun 17, 2026 | Aug 23, 2021 | v4 N/A · v3 8.5 HIGH · v2 6.0 MEDIUM | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the p... |
| | 5: Debian, Fedoraproject, Netapp, +2 more | 15: Business Activity Monitoring, Commerce Guided Search, Communications Billing And Revenue Management Elastic Charging Engine, +12 more | Jun 17, 2026 | Aug 23, 2021 | v4 N/A · v3 8.5 HIGH · v2 6.0 MEDIUM | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the p... |
| | 5: Debian, Fedoraproject, Netapp, +2 more | 15: Business Activity Monitoring, Commerce Guided Search, Communications Billing And Revenue Management Elastic Charging Engine, +12 more | Jun 17, 2026 | Aug 23, 2021 | v4 N/A · v3 8.5 HIGH · v2 6.0 MEDIUM | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the p... |
| | 5: Debian, Fedoraproject, Netapp, +2 more | 15: Business Activity Monitoring, Commerce Guided Search, Communications Billing And Revenue Management Elastic Charging Engine, +12 more | Jun 17, 2026 | Aug 23, 2021 | v4 N/A · v3 8.5 HIGH · v2 6.0 MEDIUM | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the p... |
| | 5: Debian, Fedoraproject, Netapp, +2 more | 15: Business Activity Monitoring, Commerce Guided Search, Communications Billing And Revenue Management Elastic Charging Engine, +12 more | Jun 17, 2026 | Aug 23, 2021 | v4 N/A · v3 8.5 HIGH · v2 6.0 MEDIUM | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the p... |
| | 5: Debian, Fedoraproject, Netapp, +2 more | 15: Business Activity Monitoring, Commerce Guided Search, Communications Billing And Revenue Management Elastic Charging Engine, +12 more | Jun 17, 2026 | Aug 23, 2021 | v4 N/A · v3 8.5 HIGH · v2 6.0 MEDIUM | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the p... |
| | 5: Debian, Fedoraproject, Netapp, +2 more | 15: Business Activity Monitoring, Commerce Guided Search, Communications Billing And Revenue Management Elastic Charging Engine, +12 more | Jun 17, 2026 | Aug 23, 2021 | v4 N/A · v3 8.5 HIGH · v2 6.0 MEDIUM | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the p... |
| | 5: Debian, Fedoraproject, Netapp, +2 more | 15: Business Activity Monitoring, Commerce Guided Search, Communications Billing And Revenue Management Elastic Charging Engine, +12 more | Jun 17, 2026 | Aug 23, 2021 | v4 N/A · v3 8.8 HIGH · v2 6.5 MEDIUM | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the p... |