CWE-434: Unrestricted Upload of File with Dangerous Type
Medium likelihood
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,104 vulnerabilities with CWE-434
CVE-2025-11136 (MEDIUM, CVSS 4.7): YiFang CMS <2.0.2 - Unrestricted Upload
CVE-2025-11103 (MEDIUM, CVSS 4.7): Projectworlds Online Tours and Travels 1.0 - Unrestricted Upload
CVE-2025-11078 (MEDIUM, CVSS 6.3): itsourcecode Open Source Job Portal 1.0 - Unrestricted Upload
CVE-2025-10544 (HIGH): DocAve 6.13.2-4.7.1 - Unrestricted File Upload
CVE-2025-60219 (CRITICAL, CVSS 10.0): HaruTheme WooCommerce Designer Pro <1.9.24 - RCE
CVE-2025-1862 (MEDIUM, CVSS 6.7): WSO2 Enterprise Integrator - Authenticated Arbitrary File Upload via BPEL Uploader SOAP Endpoint
CVE-2025-10747 (HIGH, CVSS 7.2): WP-DownloadManager <1.68.11 - File Upload
CVE-2025-59525 (MEDIUM, CVSS 6.1): horilla < 1.4.0 - Stored Cross-Site Scripting via SVG File Upload
CVE-2025-59524 (MEDIUM, CVSS 6.1): horilla < 1.4.0 - Unauthenticated Stored Cross-Site Scripting via Unrestricted File Upload
CVE-2025-9846 (CRITICAL, CVSS 10.0): TalentSys Consulting Information Technology Industry Inc. Inka.Net ...
CVE-2025-10412 (CRITICAL, CVSS 9.8): WordPress Uni CPO <= 4.9.55 - Unauthenticated File Upload Code Execution
CVE-2025-10147 (CRITICAL, CVSS 9.8): Podlove Podcast Publisher <4.2.6 - File Upload
CVE-2025-10009 (HIGH): Invoice Ninja <= 5.11.72 - Code Injection
CVE-2025-10763 (MEDIUM, CVSS 6.3): Academico-sis <d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab - Unrestric...
CVE-2025-10755 (MEDIUM, CVSS 6.3): Selleo Mentingo 2025.08.27 - Unrestricted Upload
CVE-2025-10741 (MEDIUM, CVSS 6.3): Selleo Mentingo <2025.08.27 - Unrestricted Upload
CVE-2025-34195 (CRITICAL, CVSS 9.8): Vasion Print Virtual Appliance Host <1.0.735 & Application <20.0.1330 - RCE via Unquoted Path
CVE-2025-10647 (HIGH, CVSS 8.8): Embed PDF for WPForms <= 1.1.5 - Authenticated Arbitrary File Upload via ajax_handler_download_pdf_media
CVE-2025-55912 (HIGH, CVSS 7.3): ClipBucket <5.5.0 - Unauthenticated File Upload
CVE-2025-10669 (MEDIUM, CVSS 6.3): Airsonic-Advanced <10.6.0 - Unrestricted Upload
CVE-2025-40678 (MEDIUM): Summar Software's Portal del Empleado - Unrestricted Upload
CVE-2025-10616 (MEDIUM, CVSS 6.3): itsourcecode E-Commerce Website 1.0 - Unrestricted File Upload in /admin/users.php
CVE-2025-10615 (MEDIUM, CVSS 6.3): itsourcecode E-Commerce Website 1.0 - Unrestricted File Upload in /admin/products.php
CVE-2025-10600 (HIGH, CVSS 7.3): SourceCodester Online Exam Form Submission 1.0 - Unrestricted File Upload via register.php img Argument
CVE-2025-9216 (HIGH, CVSS 8.8): StoreEngine < 1.5.0 - Authenticated Arbitrary File Upload via CSV Import Function
Details
Vulnerabilities: 4,104
Exploit Likelihood: Medium