VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

Abstraction: Base
Status: Draft
Likelihood of exploit: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
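As an added example (not code from the CWE entry or from any product in the listing below), the following Python upload handler shows the check the description calls for: the accept/reject decision is taken from an extension allowlist and the file's own leading bytes, never from the client's filename or Content-Type, and the file is written under a server-chosen name. It also shows, for contrast, the vulnerable pattern behind entries such as the OpenEMR and TYPO3 ones further down: joining the client-supplied name straight under the web root, and accepting an extension without checking that the content matches it. The allowed types, magic-byte table, size cap, directory names and sample bytes are constructed assumptions for the example.

```python
"""Added example: server-side validation for CWE-434 (not from any listed project).

Assumptions (constructed for this example): the allowlist and magic bytes below,
a 5 MiB cap, and the sample file contents used by demo() and the checks.
"""
import os
import secrets
import tempfile

# Constructed allowlist: lower-case extension -> magic bytes the content must start with.
ALLOWED_TYPES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumption: 5 MiB cap

# Constructed sample contents: a JPEG header, a PNG header, and a PHP web shell.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + bytes(16)
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + bytes(16)
SAMPLE_PHP = b"<?php system($_GET['c']); ?>"


class UploadRejected(ValueError):
    """Raised for any upload that fails validation."""


def validate_upload(filename: str, content: bytes) -> str:
    """Validate a client-supplied upload and return the canonical extension.

    Nothing here trusts the client's Content-Type or path; only the name's
    single extension (against the allowlist) and the bytes themselves count.
    """
    if len(content) > MAX_UPLOAD_BYTES:
        raise UploadRejected("file too large")
    # Null bytes and path separators in names were classic bypasses
    # ("shell.php\0.jpg", "../x.php"): refuse the former, strip the latter.
    if "\x00" in filename:
        raise UploadRejected("null byte in filename")
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.lower().split(".")
    # Exactly one extension: refuses ".htaccess", "shell.php.jpg" and "noext".
    if len(parts) != 2 or not parts[0] or not parts[1]:
        raise UploadRejected("filename must be name.ext with exactly one extension")
    ext = parts[1]
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension .{ext} is not on the allowlist")
    # Extension and content must agree (the TYPO3-style mismatch case).
    if not any(content.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match the claimed type")
    return "jpg" if ext == "jpeg" else ext


def accepts(filename: str, content: bytes) -> bool:
    """True if validate_upload would accept the file, False otherwise."""
    try:
        validate_upload(filename, content)
        return True
    except UploadRejected:
        return False


def server_side_name(ext: str) -> str:
    """Never reuse the client's name on disk: random token plus validated extension."""
    return f"{secrets.token_hex(16)}.{ext}"


def store_upload(filename: str, content: bytes, upload_dir: str) -> str:
    """Validate, then write under a server-chosen name; returns the stored path.

    upload_dir should be a directory the web server never executes scripts
    from (ideally outside the document root).
    """
    ext = validate_upload(filename, content)
    path = os.path.join(upload_dir, server_side_name(ext))
    with open(path, "xb") as fh:  # "xb": fail rather than overwrite on collision
        fh.write(content)
    return path


def vulnerable_target_path(filename: str, webroot: str) -> str:
    """The pattern behind the entries below: the client's name joined under the
    web root, so 'shell.php' becomes a script the server will execute, and
    os.path.join even discards webroot entirely when the name is absolute."""
    return os.path.join(webroot, filename)


def demo() -> bool:
    """Round-trip a constructed PNG with a traversal-style name through store_upload."""
    with tempfile.TemporaryDirectory() as tmp:
        path = store_upload("../../evil.PNG", SAMPLE_PNG, tmp)
        with open(path, "rb") as fh:
            same = fh.read() == SAMPLE_PNG
        return same and os.path.dirname(path) == tmp and path.endswith(".png")
```

The magic-byte check is a consistency check, not a parse: a polyglot (a valid JPEG carrying PHP in a comment segment) passes it, which is why the extension allowlist and a storage location the server does not execute from are the controls that actually stop code execution; serve stored files back with a fixed Content-Type and `X-Content-Type-Options: nosniff` rather than letting the browser guess.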

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs)

CVEs mapped to this weakness (1,669)

page 42 of 84
  • CVE-2016-15046 | High | Jul 25, 2025
    risk 0.56 | cvss n/a | epss 0.01

    A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attacker can exploit this flaw…

  • CVE-2023-2034 | High | Apr 14, 2023
    risk 0.56 | cvss 8.8 | epss 0.73

    Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.

  • CVE-2021-39154 | High | Aug 23, 2021
    risk 0.56 | cvss 8.5 | epss 0.05

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed…

  • CVE-2021-39151 | High | Aug 23, 2021
    risk 0.56 | cvss 8.5 | epss 0.05

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed…

  • CVE-2021-39149 | High | Aug 23, 2021
    risk 0.56 | cvss 8.5 | epss 0.05

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed…

  • CVE-2021-21355 | High | Mar 23, 2021
    risk 0.56 | cvss 8.6 | epss 0.02

    TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions -…

  • CVE-2026-9157 | High | May 21, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1.

  • CVE-2018-25258 | High | Apr 12, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger…

  • CVE-2019-25627 | High | Mar 24, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and…

  • CVE-2019-25626 | High | Mar 24, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data…

  • CVE-2026-28133 | High | Mar 5, 2026
    risk 0.55 | cvss 8.5 | epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server. This issue affects Filr: from n/a through <= 1.2.14.

  • CVE-2023-39307 | High | Mar 26, 2024
    risk 0.55 | cvss 8.5 | epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.1.

  • CVE-2023-47784 | High | Dec 20, 2023
    risk 0.55 | cvss 8.4 | epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a through 6.6.15.

  • CVE-2022-0415 | High | Mar 21, 2022
    risk 0.55 | cvss 8.8 | epss 0.65

    Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.

  • CVE-2018-15139 | High | Aug 13, 2018
    risk 0.55 | cvss 8.8 | epss 0.19

    Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images…

  • CVE-2017-13156 | High | Dec 6, 2017
    risk 0.55 | cvss 7.8 | epss 0.20

    An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.

  • CVE-2017-1000119 | High | Oct 5, 2017
    risk 0.55 | cvss 7.2 | epss 0.61

    October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.

  • CVE-2025-48396 | High | Nov 3, 2025
    risk 0.54 | cvss 8.3 | epss 0.00

    Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch version of Eaton BLSS (7.3.0.SCP004).

  • CVE-2025-54071 | Critical | Jul 21, 2025
    risk 0.54 | cvss n/a | epss 0.01

    RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code…

  • CVE-2025-0520 | Critical | Apr 29, 2025
    risk 0.54 | cvss n/a | epss 0.01

    An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. This issue affects ShowDoc: before 2.8.7.