CWE-351

Total CVEs
7
Vulnerabilities
Avg CVSS v3
6.0
Medium
Avg CVSS v2
4.3
Medium
Latest CVE
2025
Most Recent

Severity Distribution

Critical 1
14.3%
High 1
14.3%
Medium 4
57.1%
Low 1
14.3%

External References

MITRE CWE
Official CWE definition
NIST NVD
Search CVEs by CWE

All CVEs (7)

Page 1 of 1

CVE-2025-30510

CRITICAL
CVSS:9.8(Critical)

An attacker can upload an arbitrary file instead of a plant image.

CWE-3512025

CVE-2023-2866

HIGH
CVSS:7.8(High)

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the S...

CWE-3512023

CVE-2020-10134

MEDIUM
CVSS:6.3(Medium)

Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different...

CWE-3512020

CVE-2024-4769

MEDIUM
CVSS:5.9(Medium)

When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn in...

CWE-3512024

CVE-2025-47939

MEDIUM
CVSS:5.4(Medium)

TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the...

CWE-3512025

CVE-2024-45676

MEDIUM
CVSS:4.3(Medium)

IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction.

CWE-3512024

CVE-2025-32035

LOW
CVSS:2.6(Low)

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is ...

CWE-3512025