CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,011 vulnerabilities with CWE-434
CVE-2025-12973 HIGH
S2B AI Assistant for WordPress - Arbitrary File Upload
CVSS 7.2
CVE-2025-13156 HIGH
Vitepos - Point of Sale (POS) for WooCommerce plugin <= 3.3.0 - Arbitrary File Upload
CVSS 8.8
CVE-2025-12138 HIGH
URL Image Importer plugin <1.0.6 - File Upload
CVSS 8.8
CVE-2025-11456 CRITICAL
Elula Wsdesk < 3.3.2 - Unrestricted File Upload
CVSS 9.8
CVE-2025-0645 HIGH
Pyxis Signage <31012025 - Unrestricted Upload of File with Dangerou...
CVSS 7.2
CVE-2025-13423 MEDIUM
Campcodes Retro Basketball Shoes Onli... - Improper Access Control
CVSS 4.7
CVE-2025-13411 MEDIUM
Campcodes Retro Basketball Shoes Onli... - Improper Access Control
CVSS 4.7
CVE-2025-64759 HIGH
Homarr <1.43.3 - XSS
CVSS 8.1
CVE-2025-34336 MEDIUM
egovframe-common-components <4.3.1 - Unauthenticated File Upload
CVE-2025-34330 MEDIUM
Audiocodes Fax Server < 2.6.23 - Unrestricted File Upload
CVSS 5.3
CVE-2025-34329 CRITICAL
Audiocodes Fax Server < 2.6.23 - Unrestricted File Upload
CVSS 9.8
CVE-2025-34328 CRITICAL
Audiocodes Fax Server < 2.6.23 - Unrestricted File Upload
CVSS 9.8
CVE-2025-12057 CRITICAL
WavePlayer WP <3.8.0 - Unauthenticated RCE
CVSS 9.8
CVE-2025-63228 CRITICAL
Mozart FM Transmitter WEBMOZZI-00287 - RCE
CVSS 9.8
CVE-2025-63227 HIGH
Mozart FM Transmitter WEBMOZZI-00287 - RCE
CVSS 7.2
CVE-2025-63994 CRITICAL
RichFilemanager <2.7.6 - RCE
CVSS 9.8
CVE-2025-63695 CRITICAL
DzzOffice <2.3.7 - Code Injection
CVSS 9.8
CVE-2025-41735 HIGH
Metz-connect Ewio2-m Firmware < 2.2.0 - Unrestricted File Upload
CVSS 8.8
CVE-2025-41347 CRITICAL
Iest Winplus - Unrestricted File Upload
CVSS 9.8
CVE-2025-13069 HIGH
Enable SVG WebP & ICO Upload <1.1.2 - File Upload
CVSS 8.8
CVE-2025-12775 HIGH
WP Dropzone <1.1.0 - Authenticated File Upload
CVSS 8.8
CVE-2025-12528 HIGH
Pie Forms for WP <1.6 - RCE
CVSS 8.1
CVE-2025-12974 HIGH
Gravity Forms WordPress <2.9.21.1 - RCE
CVSS 8.1
CVE-2025-63748 HIGH
QaTraq 6.9.2 - File Upload
CVSS 8.8
CVE-2025-13275 MEDIUM
Iqbolshoh php-business-website <10677743a8dfc281f85291a27cf63a0bce0...
CVSS 4.7
Details
Vulnerabilities 4,011
Exploit Likelihood Medium