CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,011 vulnerabilities with CWE-434
CVE-2025-65897 HIGH
zdh_web <5.6.17 - Privilege Escalation/Remote Code Execution
CVSS 8.8
CVE-2025-12181 HIGH
ContentStudio plugin <1.3.7 - File Upload
CVSS 8.8
CVE-2025-12154 HIGH
Auto Thumbnailer plugin - RCE
CVSS 8.8
CVE-2025-12153 HIGH
WordPress Featured Image via URL <0.1 - RCE
CVSS 8.8
CVE-2025-13066 HIGH
Demo Importer Plus <2.0.6 - RCE
CVSS 8.8
CVE-2025-13543 HIGH
PostGallery plugin <1.12.5 - File Upload
CVSS 8.8
CVE-2025-65806 MEDIUM
E-POINT CMS eagle.gsam-1169.1 - RCE
CVSS 4.3
CVE-2025-65027 HIGH
RomM - XSS
CVSS 7.6
CVE-2025-13949 MEDIUM
ProudMuBai GoFilm <1.0.1 - Unrestricted Upload
CVSS 6.3
CVE-2025-13646 HIGH
Wpchill Modula Image Gallery < 2.13.3 - Unrestricted File Upload
CVSS 7.5
CVE-2025-65844 HIGH
EverShop 2.0.1 - RCE
CVSS 7.5
CVE-2025-13827 HIGH
Mautic Grapes-js-builder-bundle < 4.4.18 - Unrestricted File Upload
CVE-2025-13516 HIGH
SureMail SMTP & Email Logs Plugin <1.9.0 - Unrestricted Upload
CVSS 8.1
CVE-2025-13815 MEDIUM
Mogublog < 5.2 - Improper Access Control
CVSS 6.3
CVE-2025-51736 MEDIUM
Hcltech Unica - Unrestricted File Upload
CVSS 6.3
CVE-2025-13536 HIGH
Blubrry PowerPress <11.15.2 - Code Injection
CVSS 8.8
CVE-2025-66256 CRITICAL
Dbbroadcast Mozart Next 100 Firmware - Unrestricted File Upload
CVSS 9.8
CVE-2025-66255 CRITICAL
Dbbroadcast Mozart Next 3000 Firmware - Unrestricted File Upload
CVSS 9.8
CVE-2025-66250 CRITICAL
Dbbroadcast Mozart Next 100 Firmware - Unrestricted File Upload
CVSS 9.8
CVE-2025-13597 CRITICAL
AI Feeds <1.0.11 - File Upload
CVSS 9.8
CVE-2025-13595 CRITICAL
CIBELES AI <1.10.8 - File Upload
CVSS 9.8
CVE-2025-13376 HIGH
ProjectList plugin <0.3.0 - File Upload
CVSS 7.2
CVE-2025-13574 MEDIUM
Fabian Online Bidding System - Improper Access Control
CVSS 4.7
CVE-2025-13573 MEDIUM
Projectworlds Advanced Library Manage... - Improper Access Control
CVSS 6.3
CVE-2025-13544 MEDIUM
Ashraf-kabir Travel-agency < 2025-07-05 - Improper Access Control
CVSS 6.3