CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,011 vulnerabilities with CWE-434
CVE-2025-64231 CRITICAL
RedefiningTheWeb WordPress Contact Form 7 PDF - Unrestricted Upload...
CVSS 9.9
CVE-2025-68109 CRITICAL
Churchcrm < 6.5.3 - Remote Code Execution
CVSS 9.1
CVE-2025-67164 CRITICAL
Pagekit - Code Injection
CVSS 9.9
CVE-2025-66449 HIGH
ConvertX <0.16.0 - Code Injection
CVSS 8.8
CVE-2025-14642 MEDIUM
Computer Laboratory System 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-14641 MEDIUM
Computer Laboratory System 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-13094 HIGH
WP3D Model Import Viewer <1.0.8 - RCE
CVSS 8.8
CVE-2025-14583 HIGH
campcodes Online Student Enrollment System 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2025-14582 MEDIUM
campcodes Online Student Enrollment System 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-12968 HIGH
Infility Global <2.14.23 - File Upload
CVSS 8.8
CVE-2025-34506 HIGH
Wbce Cms < 1.6.3 - Unrestricted File Upload
CVSS 8.8
CVE-2025-14530 MEDIUM
Remyandrade Real Estate Property Listing App - Improper Access Control
CVSS 4.7
CVE-2025-65474 CRITICAL
EasyImages <2.8.6 - RCE
CVSS 9.8
CVE-2025-65471 HIGH
Easyimages2.0 < 2.8.6 - Unrestricted File Upload
CVSS 8.8
CVE-2025-14522 MEDIUM
Baowzh Hfly < 2016-05-11 - Improper Access Control
CVSS 6.3
CVE-2025-14390 HIGH
Video Merchant <=5.0.4 - CSRF
CVSS 8.8
CVE-2025-67506 CRITICAL
PipesHub <0.1.0-beta - Path Traversal
CVSS 9.8
CVE-2025-61808 CRITICAL
Adobe Coldfusion - Unrestricted File Upload
CVSS 9.1
CVE-2025-56704 HIGH
Lepton-cms Leptoncms - Unrestricted File Upload
CVSS 8.8
CVE-2025-14219 MEDIUM
Campcodes Retro Basketball Shoes Online Store - Improper Access Control
CVSS 4.7
CVE-2025-14199 MEDIUM
Verysync <2.21.3 - Unrestricted Upload
CVSS 6.3
CVE-2025-14195 MEDIUM
Carmelogarcia Employee Profile Management System - Improper Access Control
CVSS 6.3
CVE-2025-13065 HIGH
Starter Templates <4.4.41 - RCE
CVSS 8.8
CVE-2025-12966 HIGH
All-in-One Video Gallery <4.5.7 - RCE
CVSS 8.8
CVE-2025-12673 CRITICAL
Flex QR Code Generator <1.2.6 - RCE
CVSS 9.8
Details
Vulnerabilities 4,011
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits