CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,103 vulnerabilities with CWE-434
CVE-2025-13329 CRITICAL
WooCommerce File Uploader <1.0.4 - RCE
CVSS 9.8
CVE-2025-66908 MEDIUM
Turms AI-Serving < 0.10.0-SNAPSHOT - Unrestricted File Upload via OCR Image Upload
CVSS 5.3
CVE-2025-68398 CRITICAL
Weblate < 5.15.1 - Path Traversal via Git Configuration Overwrite
CVSS 9.1
CVE-2025-14849 HIGH
Advantech WebAccess/SCADA - Unrestricted File Upload and Remote Code Execution
CVSS 8.8
CVE-2025-14885 MEDIUM
SourceCodester Client Database Management System 1.0 - Unrestricted File Upload in Leads Generation Module
CVSS 6.3
CVE-2025-66074 CRITICAL
Cozmoslabs WP Webhooks <3.3.8 - Path Traversal
CVSS 9.0
CVE-2025-64374 CRITICAL
StylemixThemes Motors <5.6.81 - Unrestricted Upload
CVSS 9.9
CVE-2025-64231 CRITICAL
RedefiningTheWeb WordPress Contact Form 7 PDF - Unrestricted Upload...
CVSS 9.9
CVE-2025-68109 CRITICAL
ChurchCRM < 6.5.3 - Remote Code Execution via Database Restore File Upload
CVSS 9.1
CVE-2025-67164 CRITICAL
Pagekit 1.0.18 - Authenticated Arbitrary File Upload and Remote Code Execution via /storage/poc.php
CVSS 9.9
CVE-2025-66449 HIGH
ConvertX < 0.16.0 - Authenticated Arbitrary File Write via Upload Endpoint
CVSS 8.8
CVE-2025-14642 MEDIUM
Computer Laboratory System 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-14641 MEDIUM
Computer Laboratory System 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-13094 HIGH
WP3D Model Import Viewer <1.0.8 - RCE
CVSS 8.8
CVE-2025-14583 HIGH
campcodes Online Student Enrollment System 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2025-14582 MEDIUM
campcodes Online Student Enrollment System 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-12968 HIGH
Infility Global <2.14.23 - File Upload
CVSS 8.8
CVE-2025-34506 HIGH
WBCE CMS < 1.6.3 - Authenticated Remote Code Execution via Malicious Module Upload
CVSS 8.8
CVE-2025-14530 MEDIUM
Real Estate Property Listing App 1.0 - Unrestricted File Upload via Image Argument in /admin/property.php
CVSS 4.7
CVE-2025-65474 CRITICAL
EasyImages 2.0 <= 2.8.6 manager.php - PHP File Rename Code Execution
CVSS 9.8
CVE-2025-65471 HIGH
easyimages2.0 < 2.8.6 - Arbitrary File Upload via /admin/manager.php
CVSS 8.8
CVE-2025-14522 MEDIUM
baowzh hfly < 2016-05-11 - Unrestricted File Upload via imgFile Parameter
CVSS 6.3
CVE-2025-14390 HIGH
Video Merchant <= 5.0.4 - Unauthenticated Arbitrary File Upload via CSRF in video_merchant_add_video_file
CVSS 8.8
CVE-2025-67506 CRITICAL
PipesHub <0.1.0-beta - Path Traversal
CVSS 9.8
CVE-2025-61808 CRITICAL
ColdFusion <= 2025.4, <= 2023.16, <= 2021.22 - Authenticated Arbitrary File Upload
CVSS 9.1