CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,102 vulnerabilities with CWE-434
CVE-2025-67886 MEDIUM
Bitrix24 through 25.100.300 - Remote Code Execution
CVSS 6.3
CVE-2025-36074 MEDIUM
Security vulnerability has been detected in IBM Security Verify Directory
CVSS 5.5
CVE-2025-14938 MEDIUM
Listeo-Core - Directory Plugin by Purethemes <= 2.0.27 - Unauthenticated Arbitrary Media Upload
CVSS 5.3
CVE-2025-59710 HIGH
BizTalk360 <11.5 - Malicious DLL Remote Code Execution
CVSS 8.8
CVE-2025-32957 HIGH
baserCMS <5.2.3 Restore Function - Unsafe ZIP Upload Code Execution
CVSS 8.7
CVE-2025-55267 MEDIUM
HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability
CVSS 5.7
CVE-2025-60947 HIGH
Census CSWeb 8.0.1 - Arbitrary File Upload
CVSS 8.8
CVE-2025-67260 HIGH
Terrapack TkWebCoreNG 1.0.20200914 - Code Injection
CVSS 8.8
CVE-2025-13462 LOW
CPython Tarfile Archive Misinterpretation via AREGTYPE Block Normalization
CVSS 3.3
CVE-2025-13067 HIGH
Royal Addons for Elementor <=1.7.1049 - RCE
CVSS 8.8
CVE-2025-68555 CRITICAL
zozothemes Nutrie <2.0.1 - File Upload
CVSS 9.9
CVE-2025-68554 CRITICAL
Keenarch < 2.0.1 - Unrestricted Upload of File with Dangerous Type
CVSS 9.9
CVE-2025-68553 CRITICAL
Lendiz < 2.0.1 - Arbitrary File Upload
CVSS 9.9
CVE-2025-14532 CRITICAL
DobryCMS < 5.0 - Unauthenticated File Upload Remote Code Execution
CVSS 9.8
CVE-2025-69771 CRITICAL
asbplayer < 1.13.0 - Cross-Site Scripting via Crafted .srt Subtitle File
CVSS 9.6
CVE-2025-69403 CRITICAL
Bravis Addons <=1.1.9 - File Upload
CVSS 9.9
CVE-2025-68549 CRITICAL
Wiguard < 2.0.1 - Unauthenticated Arbitrary File Upload
CVSS 9.9
CVE-2025-13590 CRITICAL
WSO2 API Manager < 9.32.167 - Authenticated Remote Code Execution via Arbitrary File Upload
CVSS 9.1
CVE-2025-12500 MEDIUM
Checkout Field Manager for WooCommerce <=7.8.1 - Unauthenticated Fi...
CVSS 5.3
CVE-2025-70151 HIGH
Scholars Tracking System 1.0 - Authenticated RCE
CVSS 8.8
CVE-2025-13689 HIGH
IBM DataStage on Cloud Pak - Command Injection
CVSS 8.8
CVE-2025-36183 LOW
IBM watsonx.data 2.2-2.2.1 - Code Injection
CVSS 3.8
CVE-2025-14014 CRITICAL
NTN Information Processing Services Computer Software Hardware Indu...
CVSS 9.8
CVE-2025-10465 HIGH
Sensaway <= 09022026 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2025-69906 HIGH
Monstra CMS 3.0.4 - Remote Code Execution via Files Manager Plugin File Upload
CVSS 8.8