CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,011 vulnerabilities with CWE-434
CVE-2025-12344 MEDIUM
Yonyou U8 Cloud <5.1sp - Unrestricted Upload
CVSS 6.3
CVE-2025-12331 MEDIUM
Matthewdeaves Willow Cms < 1.4.0 - Improper Access Control
CVSS 4.7
CVE-2025-12301 HIGH
Fabian Simple Food Ordering System - Improper Access Control
CVSS 7.3
CVE-2025-12291 MEDIUM
ashymuzuro Full-Ecommece-Website & Muzuro Ecommerce System <1.1.0 -...
CVSS 4.7
CVE-2025-12268 MEDIUM
Learnhouse < 2025-09-21 - Improper Access Control
CVSS 6.3
CVE-2025-12223 MEDIUM
Bdtask Flight Booking Software < 3.1 - Improper Access Control
CVSS 6.3
CVE-2025-12222 MEDIUM
Bdtask Flight Booking Software < 3.1 - Improper Access Control
CVSS 6.3
CVE-2025-12201 MEDIUM
Ajayrandhawa User-management-php-mysql - Improper Access Control
CVSS 4.7
CVE-2025-60735 HIGH
PerfreeBlog v4.0.11 - File Upload
CVSS 7.6
CVE-2025-60731 HIGH
PerfreeBlog v4.0.11 - File Upload
CVSS 7.6
CVE-2025-11889 HIGH
AIO Forms - Craft Complex Forms Easily <1.3.15 - RCE
CVSS 7.2
CVE-2025-6440 CRITICAL
WooCommerce Designer Pro <1.9.26 - RCE
CVSS 9.8
CVE-2025-58963 CRITICAL
7oroof Medcity <1.1.9 - RCE
CVSS 10.0
CVE-2025-52758 CRITICAL
Zippy <1.7.0 - Unrestricted Upload
CVSS 9.1
CVE-2025-49060 CRITICAL
CMSSuperHeroes Wastia <1.1.3 - RCE
CVSS 10.0
CVE-2025-48106 CRITICAL
CMSSuperHeroes Clanora <1.3.1 - UUTFDT
CVSS 10.0
CVE-2025-60500 HIGH
QDocs Smart School Management System 7.1 - Auth Bypass
CVSS 7.2
CVE-2025-61181 MEDIUM
daicuocms V1.3.13 - File Upload
CVSS 6.5
CVE-2025-61417 HIGH
TastyIgniter 3.7.7 - XSS
CVSS 8.8
CVE-2025-31342 CRITICAL
Galaxy Software Services Corporation Vitals ESP Forum Module <1.3 -...
CVE-2025-11948 CRITICAL
Document Management System - RCE
CVSS 9.8
CVE-2025-11391 CRITICAL
PPOM - Product Addons & Custom Fields for WooCommerce <33.0.15 - RCE
CVSS 9.8
CVE-2025-56218 CRITICAL
Ascertia Signinghub < 8.6.8 - Unrestricted File Upload
CVSS 9.8
CVE-2025-11908 MEDIUM
Streamax Crocus - Improper Access Control
CVSS 6.3
CVE-2025-10754 HIGH
DocoDoco Store Locator <1.0.1 - RCE
CVSS 7.2