CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,011 vulnerabilities with CWE-434
CVE-2025-15199 MEDIUM
Code-projects College Notes Uploading System - Improper Access Control
CVSS 6.3
CVE-2025-55061 HIGH
Priority Web <= 23.0 - Unrestricted File Upload
CVSS 8.8
CVE-2025-15197 MEDIUM
Anirbandutta News-buzz - Improper Access Control
CVSS 4.7
CVE-2025-57460 CRITICAL
Machsol Machpanel - Unrestricted File Upload
CVSS 9.8
CVE-2025-15228 CRITICAL
Welltend Bpmflowwebkit < 5.0.5 - Unrestricted File Upload
CVSS 9.8
CVE-2025-15226 CRITICAL
Sun.net Wmpro < 5.2 - Unrestricted File Upload
CVSS 9.8
CVE-2025-52691 CRITICAL KEV
Smartertools Smartermail < 100.0.9413 - Unrestricted File Upload
CVSS 10.0
CVE-2025-15067 HIGH
Innorix WP - Unrestricted File Upload
CVSS 7.7
CVE-2025-15152 MEDIUM
h-moses moga-mall <392d631a5ef15962a9bddeeb9f1269b9085473fa - Unres...
CVSS 6.3
CVE-2025-15110 MEDIUM
Jackq Xcms - Improper Access Control
CVSS 4.7
CVE-2025-15109 HIGH
jackq XCMS - Unrestricted File Upload
CVSS 7.3
CVE-2025-2155 HIGH
Echo Call Center Services Trade and Industry Inc. Specto CM <170320...
CVSS 8.8
CVE-2025-15050 MEDIUM
Fabian Student File Management System - Improper Access Control
CVSS 6.3
CVE-2025-51511 CRITICAL
Cadmium-cms Cadmium Cms - Unrestricted File Upload
CVSS 9.8
CVE-2025-67288 CRITICAL
Umbraco Cms - Unrestricted File Upload
CVSS 10.0
CVE-2025-67289 CRITICAL
Frappe Erpnext - XSS
CVSS 9.6
CVE-2025-15009 MEDIUM
1000mz Chestnutcms < 1.5.8 - Improper Access Control
CVSS 6.3
CVE-2025-14800 HIGH
Redirection for Contact Form 7 <3.2.7 - File Upload
CVSS 8.1
CVE-2025-13329 CRITICAL
WooCommerce File Uploader <1.0.4 - RCE
CVSS 9.8
CVE-2025-66908 MEDIUM
Turms - Unrestricted File Upload
CVSS 5.3
CVE-2025-68398 CRITICAL
Weblate < 5.15.1 - Path Traversal
CVSS 9.1
CVE-2025-14849 HIGH
Advantech Webaccess/scada - Unrestricted File Upload
CVSS 8.8
CVE-2025-14885 MEDIUM
Lerouxyxchire Client Database Managem... - Improper Access Control
CVSS 6.3
CVE-2025-66074 CRITICAL
Cozmoslabs WP Webhooks <3.3.8 - Path Traversal
CVSS 9.0
CVE-2025-64374 CRITICAL
StylemixThemes Motors <5.6.81 - Unrestricted Upload
CVSS 9.9