CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,119 vulnerabilities with CWE-434
CVE-2025-54693
CRITICAL
Form Block <= 1.5.5 - Arbitrary File Upload via Web Shell
CVSS 9.0
CVE-2025-24775
CRITICAL
Made I.T. Forms <2.9.0 - Code Injection
CVSS 9.9
CVE-2025-8297
HIGH
Ivanti Avalanche < 6.4.8.8008 - Authenticated Remote Code Execution via Unrestricted File Upload
CVSS 7.2
CVE-2025-33023
MEDIUM
Siemens RUGGEDCOM ROX - Authenticated Arbitrary File Upload via Web Interface
CVSS 4.1
CVE-2025-8859
MEDIUM
eblog_site 1.0 - Unrestricted File Upload in File Upload Module
CVSS 6.3
CVE-2025-8841
MEDIUM
microservices-platform < 6.0.0 - Unrestricted File Upload via FileController Upload Function
CVSS 6.3
CVE-2025-8798
HIGH
oitcode samarium <= 0.9.6 - Unrestricted File Upload in Create Product Page
CVSS 7.3
CVE-2025-8775
MEDIUM
Qiyuesuo Electronic Signature Platform <= 4.34 - Unrestricted File Upload via Scheduled Task Handler
CVSS 6.3
CVE-2025-8764
MEDIUM
linlinjava litemall < 1.8.0 - Unrestricted File Upload via /wx/storage/upload
CVSS 6.3
CVE-2025-55135
MEDIUM
Agora Foundation Agora fall23-Alpha1 - XSS
CVSS 6.4
CVE-2025-51056
HIGH
Vedo Suite 2024.17 - Authenticated Unrestricted File Upload and Remote Code Execution via uploadPreviews()
CVSS 8.2
CVE-2025-50286
HIGH
Grav CMS 1.7.48 - Authenticated Remote Code Execution via Plugin Upload
CVSS 8.1
CVE-2025-22470
CRITICAL
SATO CL4/6NX Plus and CL4/6NX-J Plus - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2025-52078
MEDIUM
Writebot AI Content Generator <4.0.0 - Privilege Escalation
CVSS 6.5
CVE-2025-6207
HIGH
WP Import Export Lite <3.9.28 - RCE
CVSS 7.5
CVE-2025-5061
HIGH
WP Import Export Lite <3.9.29 - RCE
CVSS 7.5
CVE-2025-8526
MEDIUM
Exrick xboot < 3.3.4 - Unrestricted File Upload via UploadController
CVSS 6.3
CVE-2025-52239
CRITICAL
ZKEACMS 4.1 - Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2025-54962
MEDIUM
OpenPLC Runtime <9cd8f1b - File Upload
CVSS 6.4
CVE-2025-8504
MEDIUM
Kitchen Treasure 1.0 - Unrestricted File Upload via User Registration Photo Parameter
CVSS 6.3
CVE-2025-44139
HIGH
Emlog Pro V2.5.7 - Unrestricted Upload of File with Dangerous Type via Plugin Upload
CVSS 7.2
CVE-2025-7443
HIGH
BerqWP < 2.2.42 - Unauthenticated Arbitrary File Upload via store_javascript_cache.php
CVSS 8.1
CVE-2025-8379
MEDIUM
Campcodes Online Hotel Reservation System 1.0 - Unrestricted File Upload via /admin/edit_room.php photo Parameter
CVSS 4.7
CVE-2025-54757
MEDIUM
PowerCMS 4.0-4.60 - Unrestricted Upload of File with Dangerous Type
CVSS 6.5
CVE-2025-7847
HIGH
AI Engine 2.9.3-2.9.4 - Authenticated Arbitrary File Upload via rest_simpleFileUpload
CVSS 8.8
Details
Vulnerabilities: 4,119
Exploit Likelihood: Medium