CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2025-6802 CRITICAL
Marvell QConvergeConsole < 5.5.0.85 - Unauthenticated Remote Code Execution via getFileFromURL
CVSS 9.8
CVE-2025-7124 MEDIUM
Online Note Sharing 1.0 - Unrestricted File Upload via Profile Image Handler
CVSS 6.3
CVE-2025-7114 HIGH
SimStudioAI sim < 0.2.1 - Missing Authentication in Session Handler
CVSS 7.3
CVE-2025-7100 MEDIUM
BoyunCMS < 1.4.20 - Unrestricted File Upload via Image Parameter
CVSS 6.3
CVE-2025-7075 MEDIUM
BlackVue Dashcam 590X < 2025-06-24 - Unauthenticated Unrestricted File Upload via /upload.cgi
CVSS 6.3
CVE-2025-49414 CRITICAL
FW Gallery <= 8.0.0 - Unrestricted Upload of File with Dangerous Type
CVSS 10.0
CVE-2025-30933 CRITICAL
LiquidThemes LogisticsHub <1.1.6 - RCE
CVSS 10.0
CVE-2025-28951 CRITICAL
CreedAlly Bulk Featured Image <1.2.1 - RCE
CVSS 9.1
CVE-2025-6586 HIGH
WordPress Download Plugin <2.2.8 - RCE
CVSS 7.2
CVE-2025-5322 HIGH
VikRentCar Car Rental Management System <= 1.4.3 - Arbitrary File Upload via do_updatecar/createcar
CVSS 7.2
CVE-2025-34086 HIGH
Bolt CMS <3.7.0 - Authenticated RCE
CVSS 8.8
CVE-2025-23968 CRITICAL
WPCenter AiBud WP <1.8.5 - Code Injection
CVSS 9.1
CVE-2025-5961 HIGH
WPvivid Backup & Migration < 0.9.116 - Authenticated Arbitrary File Upload via wpvivid_upload_import_files
CVSS 7.2
CVE-2025-5746 CRITICAL
WooCommerce plugin <5.0.5 - Unauthenticated RCE
CVSS 9.8
CVE-2025-6900 MEDIUM
code-projects Library System 1.0 - Unrestricted File Upload via Image Parameter in /add-book.php
CVSS 6.3
CVE-2025-6873 MEDIUM
SourceCodester Simple Company Website 1.0 - Unrestricted File Upload in Users.php
CVSS 4.7
CVE-2025-6872 MEDIUM
SourceCodester Simple Company Website 1.0 - Unrestricted File Upload via SystemSettings.php img Argument
CVSS 4.7
CVE-2025-6870 MEDIUM
Simple Company Website 1.0 - Unrestricted File Upload via Content.php img Argument
CVSS 4.7
CVE-2025-6848 MEDIUM
Simple Forum 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-6843 HIGH
Simple Photo Gallery 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2025-6837 MEDIUM
code-projects Library System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-53260 CRITICAL
File Manager Plugin For WordPress <7.5 - RCE
CVSS 9.1
CVE-2025-49885 CRITICAL
HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce <5...
CVSS 10.0
CVE-2025-30131 CRITICAL
IROAD FX2 Dashcam - Unauthenticated Web Shell Upload
CVSS 9.8
CVE-2025-34046 CRITICAL
Fanwei E-Office <= v9.4 - Unauthenticated RCE