CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,011 vulnerabilities with CWE-434

CVE-2025-10424 HIGH

1000projects Online Student Project R... - Improper Access Control

CVSS 7.3

CVE-2025-10398 MEDIUM

Fcba ZZM Smart Park Management System - Improper Access Control

CVSS 6.3

CVE-2025-10371 HIGH

eCharge Hardy Barth Salia PLCC <2.3.81 - Unrestricted Upload

CVSS 7.3

CVE-2025-45586 HIGH

Audi Universal Traffic Recorder Firmware - Unrestricted File Upload

CVSS 7.5

CVE-2025-55835 CRITICAL

SueamCMS <0.1.2 - RCE

CVSS 9.8

CVE-2025-57642 HIGH

Sohamjuhin Tourism Management System - Unrestricted File Upload

CVSS 7.2

CVE-2025-10049 HIGH

Responsive Filterable Portfolio <1.0.24 - Code Injection

CVSS 7.2

CVE-2025-10001 HIGH

WordPress Import Plugin <3.9.3 - RCE

CVSS 7.2

CVE-2025-9872 HIGH

Ivanti Endpoint Manager < 2022 - Unrestricted File Upload

CVSS 8.8

CVE-2025-9712 HIGH

Ivanti Endpoint Manager <2024 SU3 SR1, 2022 SU8 SR2 - RCE

CVSS 8.8

CVE-2025-8889 LOW

Eliehanna Compress And Upload Plugin - Unrestricted File Upload

CVSS 3.8

CVE-2025-10116 HIGH

SiempreCMS <1.3.6 - Unrestricted Upload

CVSS 7.3

CVE-2025-58745 CRITICAL

WeGIA <3.4.10 - RCE

CVSS 9.9

CVE-2025-9113 CRITICAL

Doccure theme <1.4.8 - File Upload

CVSS 9.8

CVE-2025-9112 HIGH

Doccure theme <1.4.8 - RCE

CVSS 8.8

CVE-2025-56265 HIGH

N8n < 1.107.0 - Unrestricted File Upload

CVSS 8.8

CVE-2025-10085 MEDIUM

Mayurik Pet Grooming Management Software - Improper Access Control

CVSS 6.3

CVE-2025-10083 MEDIUM

Mayurik Pet Grooming Management Software - Improper Access Control

CVSS 6.3

CVE-2025-10081 MEDIUM

Mayurik Pet Grooming Management Software - Improper Access Control

CVSS 4.7

CVE-2025-9515 HIGH

Multi Step Form plugin <1.7.25 - File Upload

CVSS 7.2

CVE-2025-58819 CRITICAL

CreedAlly Bulk Featured Image <1.2.2 - RCE

CVSS 9.1

CVE-2025-9942 MEDIUM

Codeastro Real Estate Management System - Improper Access Control

CVSS 6.3

CVE-2025-9941 MEDIUM

Codeastro Real Estate Management System - Improper Access Control

CVSS 6.3

CVE-2025-6085 HIGH

Make Connector <1.5.10 - File Upload

CVSS 7.2

CVE-2025-20287 MEDIUM

Cisco EPNM - RCE

CVSS 4.3

Details

Vulnerabilities 4,011

Exploit Likelihood Medium

Links