CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2025-55835 CRITICAL
SueamCMS 0.1.2 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2025-57642 HIGH
Tourism Management System 2.0 - Unrestricted Shell Upload and Remote Code Execution
CVSS 7.2
CVE-2025-10049 HIGH
Responsive Filterable Portfolio <1.0.24 - Code Injection
CVSS 7.2
CVE-2025-10001 HIGH
WordPress Import Plugin <3.9.3 - RCE
CVSS 7.2
CVE-2025-9872 HIGH
Ivanti Endpoint Manager < 2024 SU3 SR1 & < 2022 SU8 SR2 - Unauthenticated RCE via Filename Validation
CVSS 8.8
CVE-2025-9712 HIGH
Ivanti Endpoint Manager <2024 SU3 SR1, 2022 SU8 SR2 - RCE
CVSS 8.8
CVE-2025-8889 LOW
Compress & Upload WordPress Plugin < 1.0.5 - Authenticated Arbitrary File Upload
CVSS 3.8
CVE-2025-10116 HIGH
SiempreCMS <1.3.6 - Unrestricted Upload
CVSS 7.3
CVE-2025-58745 CRITICAL
WeGIA < 3.4.11 - Unauthenticated Arbitrary File Upload via Excel MIME Type Bypass
CVSS 9.9
CVE-2025-9113 CRITICAL
Doccure Core < 1.5.3 - Unauthenticated Arbitrary File Upload via doccure_temp_upload_to_media Function
CVSS 9.8
CVE-2025-9112 HIGH
Doccure < 1.5.0 - Authenticated Arbitrary File Upload via doccure_temp_file_uploader
CVSS 8.8
CVE-2025-56265 HIGH
n8n 1.95.3, 1.100.1, 1.101.1 - Arbitrary File Upload and Remote Code Execution via Chat Trigger Component
CVSS 8.8
CVE-2025-10085 MEDIUM
SourceCodester Pet Grooming Management Software 1.0 - Unrestricted File Upload in manage_website.php
CVSS 6.3
CVE-2025-10083 MEDIUM
Pet Grooming Management Software 1.0 - Unrestricted File Upload in /admin/profile.php
CVSS 6.3
CVE-2025-10081 MEDIUM
Pet Grooming Management Software - Unrestricted File Upload in Profile Image Handler
CVSS 4.7
CVE-2025-9515 HIGH
Multi Step Form plugin <1.7.25 - File Upload
CVSS 7.2
CVE-2025-58819 CRITICAL
CreedAlly Bulk Featured Image <1.2.2 - RCE
CVSS 9.1
CVE-2025-9942 MEDIUM
CodeAstro Real Estate Management System 1.0 - Unrestricted File Upload in /submitproperty.php
CVSS 6.3
CVE-2025-9941 MEDIUM
CodeAstro Real Estate Management System 1.0 - Unrestricted File Upload via register.php uimage Parameter
CVSS 6.3
CVE-2025-6085 HIGH
Make Connector <1.5.10 - File Upload
CVSS 7.2
CVE-2025-20287 MEDIUM
Cisco Evolved Programmable Network Manager < 8.0.0 - Authenticated Arbitrary File Upload via Web Management Interface
CVSS 4.3
CVE-2025-57148 CRITICAL
phpgurukul Online Shopping Portal 2.0 - Arbitrary File Upload via Insert Product Endpoint
CVSS 9.1
CVE-2025-9847 MEDIUM
ScriptAndTools Real Estate Management System 1.0 - Unrestricted File Upload via register.php uimage Parameter
CVSS 6.3
CVE-2025-9841 MEDIUM
Mobile Shop Management System 1.0 - Unrestricted File Upload via ProductImage Argument in AddNewProduct.php
CVSS 6.3
CVE-2025-52546 MEDIUM
Copeland E3 Supervisory Controller < 2.31f01 - Stored XSS via Floor Plan Upload
CVSS 6.1