CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,119 vulnerabilities with CWE-434
CVE-2025-39380
CRITICAL
Mojoomla Hospital Management System <47.0 - RCE
CVSS 10.0
CVE-2025-47577
CRITICAL
TemplateInvaders TI WooCommerce Wishlist <2.10.0 - Code Injection
CVSS 10.0
CVE-2025-26892
CRITICAL
Celestial Aura < 2.2 - Unrestricted Upload of File with Dangerous Type
CVSS 9.9
CVE-2025-26872
CRITICAL
dkszone Eximius <= 2.2 - Arbitrary File Upload
CVSS 9.9
CVE-2025-4926
MEDIUM
PHPGurukul Car Rental Project 1.0 - Unrestricted File Upload via img1/img2/img3/img4/img5 Parameters
CVSS 4.7
CVE-2025-4923
HIGH
SourceCodester Client Database Management System 1.0 - Unrestricted File Upload via uploaded_file_cancelled Argument
CVSS 7.3
CVE-2025-4391
CRITICAL
Echo RSS Feed Post Generator <5.4.8.1 - File Upload
CVSS 9.8
CVE-2025-4389
CRITICAL
Crawlomatic Multipage Scraper Post Generator <2.6.8.1 - File Upload
CVSS 9.8
CVE-2025-4768
MEDIUM
feng_ha_ha/megagao ssm-erp & production_ssm 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-4735
MEDIUM
Campcodes Sales and Inventory System 1.0 - Unrestricted File Upload via Picture Parameter in product.php
CVSS 6.3
CVE-2025-47787
CRITICAL
emlog < 2.5.10 - Remote Code Execution via Insufficient ZIP Plugin Validation
CVSS 9.8
CVE-2025-3917
CRITICAL
SEO < 2.0.6 - Unauthenticated Arbitrary File Upload via download_remote_image_to_media_library
CVSS 9.8
CVE-2025-4648
HIGH
Centreon Web <=24.10.5 - Authenticated XSS via SVG File Upload
CVSS 8.4
CVE-2025-4317
HIGH
TheGem <= 5.10.3 - Authenticated Arbitrary File Upload via thegem_get_logo_url()
CVSS 8.8
CVE-2025-4561
HIGH
Kinfor KFOX < 2.6 - Authenticated Arbitrary File Upload and Remote Code Execution
CVSS 8.8
CVE-2025-4556
CRITICAL
Okcat Parking Management Platform - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2025-4538
MEDIUM
kkFileView 4.4.0 - Unauthenticated Arbitrary File Upload via /fileUpload Endpoint
CVSS 6.3
CVE-2025-46193
CRITICAL
Client Database Management System 1.0 - RCE via Arbitrary File Upload in user_proposal_update_order.php
CVSS 9.8
CVE-2025-4403
CRITICAL
WordPress Drag and Drop Multiple File Upload for WooCommerce <= 1.1.6 - File Upload Code Execution
CVSS 9.8
CVE-2025-4468
HIGH
Online Student Clearance System 1.0 - Unrestricted File Upload via userImage Parameter
CVSS 7.3
CVE-2025-3455
HIGH
1 Click WordPress Migration Plugin <2.2 - Info Disclosure
CVSS 8.8
CVE-2025-47550
MEDIUM
Themefic Instantio <= 3.3.16 - Unauthenticated Arbitrary File Upload
CVSS 6.6
CVE-2025-47549
CRITICAL
Themefic Ultimate Before After Image ... - Unrestricted File Upload
CVSS 9.1
CVE-2025-0984
HIGH
Netoloji Software E-Flow <3.23.00 - XSS
CVSS 8.2
CVE-2025-40625
CRITICAL
TCMAN GIM v11 - Unauthenticated Unrestricted File Upload
CVSS 9.8
Details
Vulnerabilities: 4,119
Exploit Likelihood: Medium