CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
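The weakness in one upload handler, as an added example that is not code from this page or from any of the projects listed below: a naive routine that trusts the client-supplied filename and Content-Type header, beside a validator that checks every dotted segment of the name against a deny-list, requires the body to begin with the magic bytes of an allowlisted type, and discards the client's name in favour of a server-generated one. All names (unsafe_save, validate_upload, DANGEROUS_EXTS, ALLOWED) and the sample bodies are constructed for this example.

```python
import posixpath
import re
import secrets
from dataclasses import dataclass

# Extensions that a typical PHP/Java/ASP host hands to an interpreter, plus
# active-content types (SVG/HTML/JS) a browser would execute if served back.
# Illustrative deny-list for this example; not exhaustive.
DANGEROUS_EXTS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar",
    "jsp", "jspx", "asp", "aspx", "cgi", "pl", "py", "sh",
    "htaccess", "svg", "html", "htm", "js",
}

# What this hypothetical endpoint accepts, with the magic bytes the body
# must actually begin with. The client's Content-Type is never consulted.
ALLOWED = {
    "png":  (b"\x89PNG\r\n\x1a\n",),
    "jpg":  (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif":  (b"GIF87a", b"GIF89a"),
    "pdf":  (b"%PDF-",),
}


def unsafe_save(upload_dir, filename, content_type):
    """The CWE-434 pattern. The client decides both the name on disk and the
    'type', so shell.php sent as image/png lands in the web root unchanged.
    Returns the path that would be written (no disk access in this example)."""
    if not content_type.startswith("image/"):
        raise ValueError("not an image")              # header is attacker-controlled
    return posixpath.join(upload_dir, filename)       # so is the name


class UploadRejected(ValueError):
    """Raised by validate_upload for anything it will not store."""


@dataclass(frozen=True)
class StoredFile:
    stored_name: str   # server-chosen; the client's name never reaches disk
    ext: str


def validate_upload(filename, data):
    # Drop any directory part: "../../x.png" and "..\\x.png" become "x.png".
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if "\x00" in base:                                # NUL-truncation tricks
        raise UploadRejected("NUL byte in filename")
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0] or not parts[-1]:
        raise UploadRejected("missing or empty extension")   # also rejects .htaccess
    # Check every dotted segment, so "x.php.png" fails, not only "x.php".
    if any(p in DANGEROUS_EXTS for p in parts[1:]):
        raise UploadRejected("dangerous extension in filename")
    ext = parts[-1]
    if ext not in ALLOWED:
        raise UploadRejected(f".{ext} is not an allowed type")
    # The body, not the header, decides the type.
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        raise UploadRejected("body does not match the claimed type")
    # Coarse polyglot check: a valid image that also carries a PHP/script tag.
    # Heuristic only; production handlers usually re-encode images instead.
    if re.search(rb"<\?php|<\?=|<script", data, re.IGNORECASE):
        raise UploadRejected("embedded script content")
    # Random server-side name: nothing the client sent reaches the filesystem.
    return StoredFile(stored_name=f"{secrets.token_hex(16)}.{ext}", ext=ext)


def is_accepted(filename, data):
    """True if validate_upload would store the file; convenience for checks."""
    try:
        validate_upload(filename, data)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    webshell = b"<?php system($_GET['c']); ?>"
    print("naive handler writes:", unsafe_save("/var/www/html/uploads", "shell.php", "image/png"))
    print("hardened handler accepts shell.php:", is_accepted("shell.php", webshell))
```

The validator deliberately keys the magic-byte check to the allowlisted extension rather than accepting "any known image", so a body that is a valid GIF cannot be stored under a .png name and later mis-served; the deny-list on every segment covers servers whose handler mapping fires on an inner extension. Storing the result outside the document root, with execution disabled on that directory, is the remaining step that no name check can replace.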

4,104 vulnerabilities with CWE-434
CVE-2025-12862 MEDIUM
projectworlds Online Notes Sharing Platform 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-34299 CRITICAL
Monsta FTP < 2.11 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2025-12352 CRITICAL
Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via copy_post_image()
CVSS 9.8
CVE-2025-64176 MEDIUM
ThinkDashboard < 0.6.8 - Unrestricted File Upload via Backup Import Feature
CVSS 5.3
CVE-2025-6327 CRITICAL
King Addons for Elementor <51.1.36 - RCE
CVSS 10.0
CVE-2025-62065 CRITICAL
Rometheme RTMKit <1.6.5 - Upload of File with Dangerous Type
CVSS 9.9
CVE-2025-62047 CRITICAL
Case Addons < 1.3.0 - Unrestricted Upload
CVSS 9.9
CVE-2025-62016 CRITICAL
hogash Kallyas <4.22.0 - Unrestricted Upload
CVSS 9.9
CVE-2025-60235 CRITICAL
Plugify Helpdesk Support Ticket System for WooCommerce <2.1.0 - Unr...
CVSS 10.0
CVE-2025-60207 CRITICAL
Addify Custom User Registration Fields for WooCommerce <2.1.2 - Cod...
CVSS 10.0
CVE-2025-60187 MEDIUM
Vito Peleg Atarim atarim-visual-collaboration <4.2 - Unrestricted U...
CVSS 4.8
CVE-2025-58996 CRITICAL
Helmut Wandl Advanced Settings <3.1.1 - Code Injection
CVSS 9.1
CVE-2025-53283 CRITICAL
borisolhor Drop Uploader <2.4.1 - RCE
CVSS 10.0
CVE-2025-10907 HIGH
WSO2 API Control Plane - Authenticated Arbitrary File Upload via SOAP Admin Services
CVSS 8.4
CVE-2025-20376 MEDIUM
Cisco Unified Contact Center Express - Authenticated Arbitrary File Upload and Remote Code Execution
CVSS 6.5
CVE-2025-20375 MEDIUM
Cisco Unified Contact Center Express - Authenticated Arbitrary File Upload and Remote Code Execution via Web UI
CVSS 6.5
CVE-2025-20354 CRITICAL
Cisco Unified Contact Center Express - Unauthenticated Arbitrary File Upload and Remote Code Execution via Java RMI
CVSS 9.8
CVE-2025-63601 CRITICAL
Snipe-IT < 8.3.3 - Authenticated Remote Code Execution via Malicious Backup File Upload
CVSS 9.9
CVE-2025-3125 MEDIUM
WSO2 API Control Plane - Authenticated Arbitrary File Upload via CarbonAppUploader Admin Service
CVSS 6.7
CVE-2025-12674 CRITICAL
KiotViet Sync <= 1.8.5 - Unauthenticated Arbitrary File Upload via create_media() Function
CVSS 9.8
CVE-2025-12682 CRITICAL
Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload
CVSS 9.8
CVE-2025-11724 HIGH
EM Beer Manager <= 3.2.3 - Authenticated Arbitrary File Upload and Remote Code Execution via Untappd Import
CVSS 8.8
CVE-2025-48396 HIGH
Eaton Brightlayer Software Suite < 7.3.x - Arbitrary Code Execution via File Upload
CVSS 8.3
CVE-2025-12593 MEDIUM
Simple Online Hotel Reservation System 2.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-12171 HIGH
WordPress RESTful Content Syndication <1.5.0 - RCE
CVSS 8.8