CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,012 vulnerabilities with CWE-434
CVE-2025-3455 HIGH
1 Click WordPress Migration Plugin <2.2 - Info Disclosure
CVSS 8.8
CVE-2025-47550 MEDIUM
Themefic Instantio < 3.3.16 - Unrestricted File Upload
CVSS 6.6
CVE-2025-47549 CRITICAL
Themefic Ultimate Before After Image ... - Unrestricted File Upload
CVSS 9.1
CVE-2025-0984 HIGH
Netoloji Software E-Flow <3.23.00 - XSS
CVSS 8.2
CVE-2025-40625 CRITICAL
Tcman Gim - Unrestricted File Upload
CVSS 9.8
CVE-2025-4333 MEDIUM
feng_ha_ha/megagao ssm-erp & production_ssm <0.0.1 - Unrestricted U...
CVSS 6.3
CVE-2025-4310 MEDIUM
Emiloi Content Management System - Improper Access Control
CVSS 4.7
CVE-2025-4305 MEDIUM
Kefaming mayi <1.3.9 - Unrestricted Upload
CVSS 6.3
CVE-2025-4291 MEDIUM
IdeaCMS <1.6 - Unrestricted Upload
CVSS 6.3
CVE-2025-4279 HIGH
WordPress External Image Replace <1.0.8 - RCE
CVSS 8.8
CVE-2025-28168 MEDIUM
Multiple File Upload - Unrestricted File Upload
CVSS 6.4
CVE-2025-4259 MEDIUM
newbee-mall 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-4258 MEDIUM
zhangyanbo2007 youkefu <4.2.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-25016 MEDIUM
Kibana - Code Injection
CVSS 4.3
CVE-2025-0520 CRITICAL
ShowDoc <2.8.7 - RCE
CVE-2025-4006 MEDIUM
youyiio BeyongCms 1.6.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-3969 MEDIUM
Codeprojects News Publishing Site Dashboard 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-3914 HIGH
Aeropage Sync for Airtable <3.2.0 - Code Injection
CVSS 8.8
CVE-2025-46616 CRITICAL
Quantum StorNext Web GUI API <7.2.4 - RCE
CVSS 9.9
CVE-2025-31324 CRITICAL KEV
SAP NetWeaver Visual Composer Metadata Uploader - Deserialization
CVSS 10.0
CVE-2025-46264 CRITICAL
PowerPress Podcasting <11.12.5 - RCE
CVSS 9.9
CVE-2025-43946 CRITICAL
Tcpwave Ddi < 11.34p1c2 - Unrestricted File Upload
CVSS 9.8
CVE-2025-3616 HIGH
Greenshiftwp Greenshift - Animation A... - Unrestricted File Upload
CVSS 8.8
CVE-2025-29287 CRITICAL
Mingsoft Mcms < 5.4.4 - Unrestricted File Upload
CVSS 9.8
CVE-2025-3830 MEDIUM
Kuangstudy Kuangsimplebbs - Improper Access Control
CVSS 6.3