CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,011 vulnerabilities with CWE-434
CVE-2025-13249 MEDIUM
Jiusi OA <20251102 - Unrestricted Upload
CVSS 6.3
CVE-2025-13238 MEDIUM
Bdtask Flight Booking Software - Improper Access Control
CVSS 6.3
CVE-2025-13198 MEDIUM
DouPHP <1.8 Release 20251022 - Unrestricted Upload
CVSS 4.7
CVE-2025-13185 MEDIUM
Bdtask News365 < 7.0.3 - Improper Access Control
CVSS 4.7
CVE-2025-55810 MEDIUM
Alaga Home Security WiFi Camera 3K - Command Injection
CVSS 6.8
CVE-2025-13061 MEDIUM
Angeljudesuarez Online Voting System - Improper Access Control
CVSS 6.3
CVE-2025-12048 HIGH
Lenovo Scanner Pro - RCE
CVSS 7.5
CVE-2025-59118 HIGH
Apache Ofbiz < 24.09.03 - Unrestricted File Upload
CVSS 7.3
CVE-2025-24862 LOW
Intel(R) CIP <WIN_DCA_2.4.0.11001 - Privilege Escalation
CVSS 2.0
CVE-2025-12846 HIGH
Blocksy Companion <2.1.19 - Authenticated File Upload
CVSS 8.8
CVE-2025-11170 CRITICAL
WP移行専用プラグイン for CPI 1.0.2 - RCE
CVSS 9.8
CVE-2025-42883 LOW
SAP NetWeaver Application Server - Privilege Escalation
CVSS 2.7
CVE-2025-63678 HIGH
CMS Made Simple Foundation File Manager <2.2.22 - RCE
CVSS 7.2
CVE-2025-12867 HIGH
EIP Plus - RCE
CVSS 7.2
CVE-2025-12399 HIGH
Alex Reservations: Smart Restaurant Booking <2.2.3 - File Upload
CVSS 7.2
CVE-2025-11967 HIGH
Mail Mint <1.18.10 - RCE
CVSS 7.2
CVE-2025-12161 HIGH
Smart Auto Upload Images <1.2.0 - File Upload
CVSS 8.8
CVE-2025-12862 MEDIUM
projectworlds Online Notes Sharing Platform 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-34299 CRITICAL
Monstaftp Monsta FTP < 2.11 - Unrestricted File Upload
CVSS 9.8
CVE-2025-12352 CRITICAL
Gravity Forms <2.9.20 - RCE
CVSS 9.8
CVE-2025-64176 MEDIUM
Matiasdesuu Thinkdashboard < 0.6.8 - XSS
CVSS 5.3
CVE-2025-6327 CRITICAL
King Addons for Elementor <51.1.36 - RCE
CVSS 10.0
CVE-2025-62065 CRITICAL
Rometheme RTMKit <1.6.5 - Upload of File with Dangerous Type
CVSS 9.9
CVE-2025-62047 CRITICAL
Case Addons < 1.3.0 - Unrestricted Upload
CVSS 9.9
CVE-2025-62016 CRITICAL
hogash Kallyas <4.22.0 - Unrestricted Upload
CVSS 9.9