CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2025-6667 MEDIUM
Car Rental System 1.0 - Unrestricted File Upload via Image Parameter in add_cars.php
CVSS 6.3
CVE-2025-6435 HIGH
Firefox/Thunderbird <140.0 - Dangerous File Upload via Devtools Network Tab
CVSS 8.1
CVE-2025-6206 HIGH
Aiomatic - GPT-3 & GPT-4 - Code Injection
CVSS 7.5
CVE-2025-36519 MEDIUM
WRC-2533GST2, WRC-1167GST2 - Code Injection
CVSS 4.3
CVE-2025-34040 CRITICAL
Zhiyuan OA Web Application System - Unauthenticated Arbitrary File Upload and Remote Code Execution via wpsAssistServlet
CVE-2025-6466 MEDIUM
ageerle ruoyi-ai < 2.0.1 - Unrestricted File Upload via SseServiceImpl Speech-to-Text Upload
CVSS 6.3
CVE-2025-6422 MEDIUM
Campcodes Online Recruitment Management System 1.0 - Unrestricted File Upload via About Content Page img Argument
CVSS 6.3
CVE-2025-4102 HIGH
Beaver Builder Plugin (Starter Version) <= 2.9.1 - Authenticated Arbitrary File Upload via save_enabled_icons Function
CVSS 7.2
CVE-2025-6266 MEDIUM
Teledyne FLIR AX8 <1.46 - Unrestricted Upload
CVSS 6.3
CVE-2025-23171 HIGH
Versa Director 21.2.2-21.2.3, 22.1.1-22.1.4 - Authenticated Arbitrary File Upload via UCPE Image
CVSS 7.2
CVE-2025-46157 CRITICAL
EfroTech Time Trax 1.0 - Remote Code Execution via Leave Request File Attachment
CVSS 9.9
CVE-2025-6220 HIGH
Ultra Addons for Contact Form 7 <3.5.12 - File Upload
CVSS 7.2
CVE-2025-6086 HIGH
CSV Me <= 2.0 - Authenticated Arbitrary File Upload via Insufficient File Type Validation
CVSS 7.2
CVE-2025-4413 HIGH
Pixabay Images <= 3.4 - Authenticated Arbitrary File Upload via pixabay_upload Function
CVSS 8.8
CVE-2025-34511 HIGH
Sitecore XP CVE-2025-34511 Post-Authentication File Upload
CVSS 8.8
CVE-2025-47866 MEDIUM
Trend Micro Apex Central - Unrestricted File Upload
CVSS 4.3
CVE-2025-49447 CRITICAL
Fastw3b LLC FW Food Menu <6.0.0 - Unrestricted Upload of File with ...
CVSS 10.0
CVE-2025-49444 CRITICAL
Merkulove Reformer for Elementor <1.0.5 - Code Injection
CVSS 10.0
CVE-2025-49071 CRITICAL
Flozen < 1.5.1 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2025-47559 CRITICAL
RomanCode MapSVG < 8.7.4 - Arbitrary File Upload
CVSS 9.9
CVE-2025-47452 CRITICAL
RexTheme WP VR <= 8.5.26 - Arbitrary File Upload
CVSS 9.9
CVE-2025-32510 CRITICAL
Ovatheme Events Manager <1.8.4 - Code Injection
CVSS 10.0
CVE-2025-3515 HIGH
Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File Upload
CVSS 8.1
CVE-2025-6161 HIGH
Simple Food Ordering System 1.0 - Unrestricted File Upload via editproduct.php Photo Parameter
CVSS 7.3
CVE-2025-3234 HIGH
WordPress Filester <= 1.8.8 - Admin File Upload Code Execution
CVSS 7.2