CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,010 vulnerabilities with CWE-434
CVE-2025-65783 CRITICAL
Hubert Imoveis e Administracao Ltda Hub v2.0-1.27.3 - RCE
CVSS 9.8
CVE-2025-66802 CRITICAL
Sourcecodester Covid-19 Contact Tracing System 1.0 - RCE
CVSS 9.8
CVE-2025-46068 HIGH
Automai Director - Unrestricted File Upload
CVSS 8.8
CVE-2025-15503 HIGH
Sangfor Operation And Maintenance Sec... - Improper Access Control
CVSS 7.3
CVE-2025-15495 MEDIUM
Biggidroid Simple Php Cms - Improper Access Control
CVSS 4.7
CVE-2025-67325 CRITICAL
Webkul Qloapps < 1.7.0 - Unrestricted File Upload
CVSS 9.8
CVE-2025-67924 CRITICAL
zozothemes Corpkit <2.0. - RCE
CVSS 9.9
CVE-2025-67910 CRITICAL
Contentstudio <1.3.7 - RCE
CVSS 9.1
CVE-2025-66837 MEDIUM
ARIS 10.0.23.0.3587512 - RCE
CVSS 6.8
CVE-2025-15158 HIGH
WP Enable WebP <1.0 - File Upload
CVSS 8.8
CVE-2025-14842 MEDIUM
Contact Form 7 <1.3.9.2 - RCE
CVSS 6.1
CVE-2025-30996 CRITICAL
Themify <1.9.8-2.0.0 - RCE
CVSS 9.9
CVE-2025-31048 CRITICAL
Themify Shopo <1.1.4 - RCE
CVSS 9.9
CVE-2025-15240 HIGH
Quantatw Qoca Aim < 2.7.6 - Unrestricted File Upload
CVSS 8.8
CVE-2025-15448 MEDIUM
cld378632668 JavaMall <994f1e2b019378ec9444cdf3fce2d5b5f72d28f0 - U...
CVSS 6.3
CVE-2025-15426 HIGH
H-ui.admin <3.1 - Unrestricted Upload
CVSS 7.3
CVE-2025-15423 MEDIUM
Phome Empirecms < 8.0 - Improper Access Control
CVSS 6.3
CVE-2025-15415 MEDIUM
Wang.market Wangmarket < 6.4 - Improper Access Control
CVSS 4.7
CVE-2025-15404 MEDIUM
Campcodes School File Management System - Improper Access Control
CVSS 6.3
CVE-2025-67707 MEDIUM
Esri Arcgis Server < 11.5 - Unrestricted File Upload
CVSS 5.6
CVE-2025-67706 MEDIUM
Esri Arcgis Server < 11.5 - Unrestricted File Upload
CVSS 5.6
CVE-2025-15360 MEDIUM
Newbee-ltd Newbee-mall-plus - Improper Access Control
CVSS 4.7
CVE-2025-15262 MEDIUM
Biggidroid Simple Php Cms - Improper Access Control
CVSS 4.7
CVE-2025-68562 CRITICAL
RomanCode MapSVG <8.7.3 - RCE
CVSS 9.9
CVE-2025-15199 MEDIUM
Code-projects College Notes Uploading System - Improper Access Control
CVSS 6.3
Details
Vulnerabilities 4,010
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits