CWE-351
12 CVEs classified under CWE-351.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-30510 | Critical | 9.8 | 2025-04-15 | An attacker can upload an arbitrary file instead of a plant image. |
| CVE-2025-31951 | High | 8.8 | 2026-05-06 | HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identif… |
| CVE-2023-2866 | High | 7.3 | 2023-06-07 | If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used… |
| CVE-2025-65960 | Medium | 6.6 | 2025-11-25 | Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of t… |
| CVE-2020-10134 | Medium | 6.3 | 2020-05-19 | Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the… |
| CVE-2026-41341 | Medium | 5.4 | 2026-04-23 | OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extens… |
| CVE-2025-47939 | Medium | 5.4 | 2025-05-20 | TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allo… |
| CVE-2024-45676 | Medium | 4.3 | 2024-12-03 | IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction. |
| CVE-2025-32035 | Low | 2.6 | 2025-04-08 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when… |
| CVE-2025-54413 | | | 2025-07-26 | skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, w… |
| CVE-2025-54412 | | | 2025-07-26 | skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in the OperatorFu… |
| CVE-2022-1642 | | | 2022-06-16 | A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document contai… |