CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,104 vulnerabilities with CWE-434
CVE-2025-61181 MEDIUM
daicuo V1.3.13 - Arbitrary File Upload via Image Upload Feature
CVSS 6.5
CVE-2025-61417 HIGH
TastyIgniter 3.7.7 - Stored Cross-Site Scripting via SVG File Upload in Media Manager
CVSS 8.8
CVE-2025-31342 CRITICAL
Galaxy Software Services Corporation Vitals ESP Forum Module <1.3 -...
CVE-2025-11948 CRITICAL
Excellent Infotek Document Management System - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2025-11391 CRITICAL
PPOM - Product Addons & Custom Fields for WooCommerce <33.0.15 - RCE
CVSS 9.8
CVE-2025-56218 CRITICAL
SigningHub < 8.6.8 - Arbitrary File Upload via Crafted PDF File
CVSS 9.8
CVE-2025-11908 MEDIUM
Streamax Crocus 1.3.40 - Unauthenticated Unrestricted File Upload via FileDir.do Upload Action
CVSS 6.3
CVE-2025-10754 HIGH
DocoDoco Store Locator <1.0.1 - RCE
CVSS 7.2
CVE-2025-10051 HIGH
Demo Import Kit <= 1.1.0 - Authenticated Arbitrary File Upload via Import Functionality
CVSS 7.2
CVE-2025-10041 CRITICAL
Flex QR Code Generator <1.2.5 - File Upload
CVSS 9.8
CVE-2025-61678 HIGH
FreePBX <16.0.92-17.0.6 - Authenticated File Upload
CVE-2025-37132 HIGH
ArubaOS 8.10.0.0-8.10.0.18 - Authenticated Arbitrary File Write and Remote Code Execution
CVSS 7.2
CVE-2025-42910 CRITICAL
SAP Supplier Relationship Management - File Upload
CVSS 9.0
CVE-2025-11675 HIGH
Enterprise Cloud Database - Code Injection
CVSS 7.2
CVE-2025-11660 HIGH
ProjectsAndPrograms School Management System - Unrestricted File Upload via /assets/uploadSllyabus.php File Parameter
CVSS 7.3
CVE-2025-11659 HIGH
ProjectsAndPrograms School Management System - Unrestricted File Upload via /assets/uploadNotes.php File Parameter
CVSS 7.3
CVE-2025-11658 HIGH
oranbyte school_management_system - Unrestricted File Upload via changeSllyabus.php File Parameter
CVSS 7.3
CVE-2025-11657 HIGH
ProjectsAndPrograms School Management System - Unrestricted File Upload via File Argument in createNotice.php
CVSS 7.3
CVE-2025-11656 HIGH
oranbyte school_management_system - Unrestricted File Upload via File Argument in editNotes.php
CVSS 7.3
CVE-2025-11655 MEDIUM
Total.js Flow <673ef9144dd25d4f4fd4fdfda5af27f230198924 - Unrestric...
CVSS 4.7
CVE-2025-6553 CRITICAL
Ovatheme Events Manager <1.8.5 - File Upload
CVSS 9.8
CVE-2025-35055 HIGH
Newforma Project Center < 2023.1 - Unauthenticated Path Traversal and Arbitrary File Write via UploadBlueimp.ashx
CVSS 8.8
CVE-2025-11508 MEDIUM
code-projects Voting System 1.0 - Unrestricted File Upload via Photo Argument
CVSS 4.7
CVE-2025-11470 MEDIUM
Hotel and Lodge Management System <= 1.0 - Unrestricted File Upload via manage_website.php
CVSS 4.7
CVE-2025-11436 MEDIUM
JhumanJ OpnForm <1.9.3 - Unrestricted Upload
CVSS 6.3