CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,104 vulnerabilities with CWE-434
CVE-2025-41735
HIGH
metz-connect ewio2-m_firmware < 2.2.0 - Unrestricted File Upload and Remote Code Execution
CVSS 8.8
CVE-2025-41347
CRITICAL
WinPlus v24.11.27 - Unrestricted Upload of Dangerous File Type via /WinplusPortal/ws/sWinplus.svc/json/uploadfile
CVSS 9.8
CVE-2025-13069
HIGH
Enable SVG WebP & ICO Upload <1.1.2 - File Upload
CVSS 8.8
CVE-2025-12775
HIGH
WP Dropzone <1.1.0 - Authenticated File Upload
CVSS 8.8
CVE-2025-12528
HIGH
WordPress Pie Forms <= 1.6 - Unauthenticated File Upload Code Execution
CVSS 8.1
CVE-2025-12974
HIGH
Gravity Forms WordPress <2.9.21.1 - RCE
CVSS 8.1
CVE-2025-63748
HIGH
QaTraq 6.9.2 - Authenticated Arbitrary File Upload via Test Script Attachment Feature
CVSS 8.8
CVE-2025-13275
MEDIUM
Iqbolshoh php-business-website <10677743a8dfc281f85291a27cf63a0bce0...
CVSS 4.7
CVE-2025-13249
MEDIUM
Jiusi OA <20251102 - Unrestricted Upload
CVSS 6.3
CVE-2025-13238
MEDIUM
Bdtask Flight Booking Software 4 - Unrestricted File Upload in Edit Profile Page
CVSS 6.3
CVE-2025-13198
MEDIUM
DouPHP <1.8 Release 20251022 - Unrestricted Upload
CVSS 4.7
CVE-2025-13185
MEDIUM
Bdtask News365 < 7.0.3 - Unrestricted File Upload via Profile Image/Banner Image Argument
CVSS 4.7
CVE-2025-55810
MEDIUM
Alaga Home Security WiFi Camera 3K - Command Injection
CVSS 6.8
CVE-2025-13061
MEDIUM
Online Voting System 1.0 - Unrestricted File Upload in manage_voting Page
CVSS 6.3
CVE-2025-12048
HIGH
Lenovo Scanner Pro < 1.0.0.4 - Arbitrary File Upload
CVSS 7.5
CVE-2025-59118
HIGH
Apache OFBiz < 24.09.03 - Unrestricted Upload of File with Dangerous Type
CVSS 7.3
CVE-2025-24862
LOW
Intel(R) CIP <WIN_DCA_2.4.0.11001 - Privilege Escalation
CVSS 2.0
CVE-2025-12846
HIGH
Blocksy Companion <2.1.19 - Authenticated File Upload
CVSS 8.8
CVE-2025-11170
CRITICAL
WordPress WP移行専用プラグイン for CPI <= 1.0.2 - Unauthenticated File Upload Code Execution
CVSS 9.8
CVE-2025-42883
LOW
SAP NetWeaver Application Server - Privilege Escalation
CVSS 2.7
CVE-2025-63678
HIGH
CMS Made Simple Foundation File Manager <2.2.22 - RCE
CVSS 7.2
CVE-2025-12867
HIGH
Hundred Plus EIP Plus < RELEASE_240626 - Arbitrary File Upload and Remote Code Execution
CVSS 7.2
CVE-2025-12399
HIGH
Alex Reservations: Smart Restaurant Booking <2.2.3 - File Upload
CVSS 7.2
CVE-2025-11967
HIGH
Mail Mint < 1.18.10 - Authenticated Arbitrary File Upload via Contact Import Function
CVSS 7.2
CVE-2025-12161
HIGH
Smart Auto Upload Images <1.2.0 - File Upload
CVSS 8.8
Details
Vulnerabilities: 4,104
Exploit Likelihood: Medium