CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2025-4333 MEDIUM
feng_ha_ha/megagao ssm-erp & production_ssm <0.0.1 - Unrestricted U...
CVSS 6.3
CVE-2025-4310 MEDIUM
itsourcecode Content Management System 1.0 - Unrestricted File Upload via Cover Image Argument
CVSS 4.7
CVE-2025-4305 MEDIUM
Kefaming mayi <1.3.9 - Unrestricted Upload
CVSS 6.3
CVE-2025-4291 MEDIUM
ideacms < 1.6 - Unrestricted File Upload via saveUpload Function
CVSS 6.3
CVE-2025-4279 HIGH
WordPress External Image Replace <1.0.8 - RCE
CVSS 8.8
CVE-2025-28168 MEDIUM
Multiple File Upload 3.1.0 - Unrestricted Upload of File with Dangerous Type via Parameter Tampering
CVSS 6.4
CVE-2025-4259 MEDIUM
newbee-mall 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-4258 MEDIUM
zhangyanbo2007 youkefu <4.2.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-25016 MEDIUM
Kibana 7.17.0-7.17.18 - Authenticated Unrestricted File Upload
CVSS 4.3
CVE-2025-0520 CRITICAL
ShowDoc < 2.8.7 - Unauthenticated Remote Code Execution via File Upload
CVE-2025-4006 MEDIUM
youyiio BeyongCms 1.6.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-3969 MEDIUM
Codeprojects News Publishing Site Dashboard 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-3914 HIGH
Aeropage Sync for Airtable <3.2.0 - Code Injection
CVSS 8.8
CVE-2025-46616 CRITICAL
Quantum StorNext Web GUI API <7.2.4 - RCE
CVSS 9.9
CVE-2025-31324 CRITICAL KEV
SAP NetWeaver Visual Composer Metadata Uploader - Deserialization
CVSS 10.0
CVE-2025-46264 CRITICAL
PowerPress Podcasting <11.12.5 - RCE
CVSS 9.9
CVE-2025-43946 CRITICAL
TCPWave DDI < 11.34p1c2 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2025-3616 HIGH
Greenshift Animation and Page Builder Blocks 11.4-11.4.5 - Authenticated Arbitrary File Upload
CVSS 8.8
CVE-2025-29287 CRITICAL
MCMS < 5.4.4 - Arbitrary File Upload via UEditor Component
CVSS 9.8
CVE-2025-3830 MEDIUM
kuangstudy KuangSimpleBBS 1.0 - Unrestricted File Upload via QuestionController fileUpload
CVSS 6.3
CVE-2025-3807 MEDIUM
zhenfeng13 My-BBS 1.0 - Unrestricted File Upload via Upload Endpoint
CVSS 6.3
CVE-2025-3798 MEDIUM
WCMS 11 - Unrestricted File Upload in Advertisement Image Handler
CVSS 4.7
CVE-2025-1093 CRITICAL
AI Hub WordPress Theme <= 1.3.7 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2025-3783 MEDIUM
SourceCodester Web-based Pharmacy Product Management System 1.0 - U...
CVSS 6.3
CVE-2025-3765 MEDIUM
Senior-walter Web-based Pharmacy Product Management System - Improper Access Control
CVSS 6.3