CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,012 vulnerabilities with CWE-434
CVE-2025-3444 MEDIUM
Zohocorp Manageengine Servicedesk Plus Msp - Unrestricted File Upload
CVSS 6.5
CVE-2025-5059 MEDIUM
Campcodes Online Shopping Portal 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-47939 MEDIUM
Typo3 < 9.5.51 - Unrestricted File Upload
CVSS 5.4
CVE-2025-39402 CRITICAL
Mojoomla WPAMS <44.0 - RCE
CVSS 9.9
CVE-2025-39401 CRITICAL
Mojoomla WPAMS <44.0 - Code Injection
CVSS 10.0
CVE-2025-39380 CRITICAL
Mojoomla Hospital Management System <47.0 - RCE
CVSS 10.0
CVE-2025-47577 CRITICAL
TemplateInvaders TI WooCommerce Wishlist <2.10.0 - Code Injection
CVSS 10.0
CVE-2025-26892 CRITICAL
dkszone Celestial Aura <2.2 - RCE
CVSS 9.9
CVE-2025-26872 CRITICAL
dkszone Eximius <2.2 - RCE
CVSS 9.9
CVE-2025-4926 MEDIUM
Phpgurukul Car Rental Portal - Improper Access Control
CVSS 4.7
CVE-2025-4923 HIGH
Lerouxyxchire Client Database Managem... - Improper Access Control
CVSS 7.3
CVE-2025-4391 CRITICAL
Echo RSS Feed Post Generator <5.4.8.1 - File Upload
CVSS 9.8
CVE-2025-4389 CRITICAL
Crawlomatic Multipage Scraper Post Generator <2.6.8.1 - File Upload
CVSS 9.8
CVE-2025-4768 MEDIUM
feng_ha_ha/megagao ssm-erp & production_ssm 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-4735 MEDIUM
Campcodes Sales And Inventory System - Improper Access Control
CVSS 6.3
CVE-2025-47787 CRITICAL
Emlog < 2.5.10 - Unrestricted File Upload
CVSS 9.8
CVE-2025-3917 CRITICAL
百度站长SEO合集 WordPress Plugin <=2.0.6 - RCE
CVSS 9.8
CVE-2025-4648 HIGH
Centreon web <24.10.5 - XSS
CVSS 8.4
CVE-2025-4317 HIGH
TheGem theme <5.10.3 - File Upload
CVSS 8.8
CVE-2025-4561 HIGH
KingFor KFOX - RCE
CVSS 8.8
CVE-2025-4556 CRITICAL
Okcat Parking Mgmt Plat - RCE
CVSS 9.8
CVE-2025-4538 MEDIUM
Keking Kkfileview - Improper Access Control
CVSS 6.3
CVE-2025-46193 CRITICAL
Lerouxyxchire Client Database Managem... - Unrestricted File Upload
CVSS 9.8
CVE-2025-4403 CRITICAL
WooCommerce 1.1.6 - RCE
CVSS 9.8
CVE-2025-4468 HIGH
Senior-walter Online Student Clearanc... - Improper Access Control
CVSS 7.3