CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2025-5012 HIGH
Workreap <= 3.3.2 - Authenticated Arbitrary File Upload via workreap_temp_upload_to_media Function
CVSS 8.8
CVE-2025-6002 HIGH
VirtueMart - Unrestricted File Upload
CVSS 7.2
CVE-2025-5395 HIGH
WordPress Automatic Plugin <3.115.0 - File Upload
CVSS 8.8
CVE-2025-46612 HIGH
Airleader Master and Easy < 6.36 - Authenticated Remote Code Execution via Panel Designer JSP Upload
CVSS 7.2
CVE-2025-4954 HIGH
Axle Demo Importer < 1.0.3 - Authenticated Arbitrary File Upload
CVSS 8.8
CVE-2025-4387 HIGH
Abandoned Cart Pro for WooCommerce <9.16.0 - Authenticated File Upload
CVSS 8.8
CVE-2025-32291 CRITICAL
SUMO Affiliates Pro <10.7.0 - Unrestricted Upload of File with Dang...
CVSS 10.0
CVE-2025-5873 MEDIUM
eCharge Hardy Barth Salia PLCC <2.3.81 - Unrestricted Upload
CVSS 6.3
CVE-2025-3835 CRITICAL
ManageEngine Exchange Reporter Plus <= 5721 - Remote Code Execution in Content Search Module
CVSS 9.6
CVE-2025-5840 HIGH
SourceCodester Client DBMS 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2025-49329 MEDIUM
Agile Logix Store Locator <1.5.2 - Code Injection
CVSS 6.6
CVE-2025-48782 CRITICAL
Soar Cloud HRD <=7.3.2025.0408 - Unrestricted File Upload Command Execution
CVSS 9.8
CVE-2025-5728 MEDIUM
Open Source Clinic Management System 1.0 - Unrestricted File Upload via website_image Parameter
CVSS 6.3
CVE-2025-3054 HIGH
WP User Frontend Pro <4.1.3 - Code Injection
CVSS 8.8
CVE-2025-20130 MEDIUM
Cisco Identity Services Engine < 3.1.0 - Authenticated Arbitrary File Upload via API
CVSS 4.9
CVE-2025-29093 HIGH
Motivian Content Management System 41.0.0 - Remote Code Execution via Gallery Images Upload
CVSS 8.2
CVE-2025-48953 MEDIUM
Umbraco <15.4.2,16.0.0 - File Upload
CVSS 5.5
CVE-2025-45855 MEDIUM
erupt < 1.12.19 - Arbitrary File Upload and Remote Code Execution via GoodsCategory Image Upload
CVSS 5.4
CVE-2025-1725 MEDIUM
Bit File Manager < 6.7 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-5406 MEDIUM
chaitak-gorai/blogbook < 2021-11-22 - Unrestricted File Upload via posts.php image Parameter
CVSS 6.3
CVE-2025-48889 MEDIUM
Gradio < 5.31.0 - Unauthenticated Arbitrary File Copy via Flagging Feature
CVSS 5.3
CVE-2025-48471 CRITICAL
freescout < 1.8.179 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2025-46080 MEDIUM
HuoCMS V3.5.1 - Unrestricted Upload of File with Dangerous Type via Whitelist Bypass
CVSS 5.3
CVE-2025-46078 MEDIUM
HuoCMS V3.5.1 and before - Unrestricted Upload of File with Dangerous Type
CVSS 5.3
CVE-2025-45997 HIGH
Sourcecodester Web-based Pharmacy Product Management System 1.0 - Unrestricted File Upload via Content-Type Spoofing
CVSS 8.6