CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,103 vulnerabilities with CWE-434
CVE-2025-69906 | HIGH | CVSS 8.8 | Monstra CMS 3.0.4 - Remote Code Execution via Files Manager Plugin File Upload
CVE-2025-70849 | MEDIUM | CVSS 6.1 | stefanprodan/podinfo < 6.9.0 - Unauthenticated Arbitrary File Upload and Stored Cross-Site Scripting via /store Endpoint
CVE-2025-69981 | CRITICAL | CVSS 9.8 | FUXA v1.2.7 - Unauthenticated Unrestricted File Upload via /api/upload Endpoint
CVE-2025-65875 | HIGH | CVSS 8.8 | FPDF <= 1.86 - Arbitrary File Upload via AddFont Function
CVE-2025-61506 | CRITICAL | CVSS 9.8 | MediaCrush < 1.0.1 - Unauthenticated Arbitrary File Upload via /upload Endpoint
CVE-2025-66480 | CRITICAL | CVSS 9.8 | wildfirechat im-server < 1.4.3 - Path Traversal and Arbitrary File Write via /fs Upload Endpoint
CVE-2025-57795 | CRITICAL | CVSS 9.9 | Explorance Blue < 8.14.13 - Authenticated Remote File Download and Remote Code Execution
CVE-2025-57794 | CRITICAL | CVSS 9.1 | Explorance Blue < 8.14.9 - Authenticated Unrestricted File Upload and Remote Code Execution
CVE-2025-69559 | CRITICAL | CVSS 9.8 | carmelo computer_book_store 1.0 - Unrestricted Upload of File with Dangerous Type via admin_add.php
CVE-2025-69565 | CRITICAL | CVSS 9.8 | Mobile Shop Management System 1.0 - Unrestricted File Upload via ExAddProduct.php
CVE-2025-13374 | CRITICAL | CVSS 9.8 | Kalrav AI Agent <2.3.3 - File Upload
CVE-2025-70457 | CRITICAL | CVSS 9.8 | Sourcecodester Modern Image Gallery App 1.0 - Unauthenticated Remote Code Execution via File Upload
CVE-2025-69828 | CRITICAL | CVSS 10.0 | TMS Management Console <6.3.7.27386.20250818 - RCE
CVE-2025-69312 | CRITICAL | CVSS 9.1 | Xpro Elementor Addons <1.4.19.1 - RCE
CVE-2025-68986 | CRITICAL | CVSS 9.9 | zozothemes Miion <= 1.2.7 - Unrestricted Upload of File with Dangerous Type
CVE-2025-68910 | CRITICAL | CVSS 9.9 | blazethemes Blogzee <= 1.0.5 - Code Injection
CVE-2025-68909 | CRITICAL | CVSS 9.9 | blazethemes Blogistic <1.0.5 - UAFDT
CVE-2025-68001 | CRITICAL | CVSS 10.0 | garidium g-FFL Checkout <2.1.0 - Unrestricted File Upload
CVE-2025-67968 | CRITICAL | CVSS 9.9 | InspiryThemes Real Homes CRM <1.0.0 - Unrestricted Upload of File w...
CVE-2025-62056 | CRITICAL | CVSS 9.9 | blazethemes News Event <1.0.1 - Upload of File with Dangerous Type
CVE-2025-62050 | CRITICAL | CVSS 9.9 | Blogmatic <1.0.4 - Upload of File with Dangerous Type
CVE-2025-50002 | CRITICAL | CVSS 10.0 | Farost Energia energia <1.1.2 - RCE
CVE-2025-10856 | HIGH | CVSS 8.1 | Teknoera <01102025 - Code Injection
CVE-2025-33015 | HIGH | CVSS 8.8 | IBM Concert <2.1.0 - Code Injection
CVE-2025-55251 | LOW | CVSS 3.1 | HCL AION - Unrestricted File Upload