CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2025-3764 MEDIUM
Senior-walter Web-based Pharmacy Product Management System - Improper Access Control
CVSS 6.3
CVE-2025-39436 CRITICAL
I Draw <= 1.0 - Arbitrary File Upload
CVSS 9.1
CVE-2025-32682 CRITICAL
RomanCode MapSVG Lite <8.5.34 - RCE
CVSS 9.9
CVE-2025-32660 CRITICAL
JoomSky JS Job Manager <= 2.0.2 - Unrestricted Upload of File with Dangerous Type
CVSS 10.0
CVE-2025-32652 CRITICAL
solacewp Solace Extra - Unrestricted Upload
CVSS 9.9
CVE-2025-27282 CRITICAL
rockgod100 Theme File Duplicator <1.3 - UAFDT
CVSS 9.9
CVE-2025-31339 MEDIUM
Wisdom Master Pro <5.3 - File Upload
CVE-2025-39557 CRITICAL
Kadence WP Kadence WooCommerce Email Designer <1.5.14 - RCE
CVSS 9.1
CVE-2025-39538 MEDIUM
WP-Advanced-Search <3.3.9.3 - Code Injection
CVSS 6.6
CVE-2025-1980 CRITICAL
Symfonia Ready 7.0.0.0-7.19.39.23 & 8.0.0.0-8.0.2.2 - RCE via Profile File Upload
CVE-2025-26927 CRITICAL
WordPress AI Hub <= 1.3.7 - Web Shell Upload Code Execution
CVSS 10.0
CVE-2025-3593 MEDIUM
My-Blog-layui 1.0 - Unrestricted File Upload via Admin Upload Endpoint
CVSS 6.3
CVE-2025-3585 MEDIUM
westboy CicadasCMS 1.0 - Unrestricted File Upload via JSP Parser
CVSS 6.3
CVE-2025-3566 HIGH
veal98 XiaoNiuRou Echo 4.2 - Unrestricted Upload
CVSS 7.3
CVE-2025-3565 MEDIUM
huanfenz StudentManager 1.0 - Unrestricted File Upload via Announcement Management Section
CVSS 4.7
CVE-2025-3558 MEDIUM
ghostxbh uzy-ssm-mall 1.0.0 - Unrestricted File Upload via /mall/user/uploadUserHeadImage
CVSS 6.3
CVE-2025-32579 CRITICAL
SoftClever Limited Sync Posts <1.0 - RCE
CVSS 9.9
CVE-2025-29017 HIGH
Code Astro Internet Banking System 2.0.0 - Remote Code Execution via Profile Picture Upload
CVSS 8.8
CVE-2025-32215 MEDIUM
Ability, Inc Accessibility Suite <4.18 - XSS
CVSS 6.5
CVE-2025-32206 CRITICAL
LABCAT Processing Projects <1.0.2 - RCE
CVSS 9.1
CVE-2025-32202 CRITICAL
Brian Batt - elearningfreak.com - Unrestricted File Upload
CVSS 9.1
CVE-2025-32140 CRITICAL
Nirmal Kumar Ram WP Remote Thumbnail <1.3.1 - RCE
CVSS 9.9
CVE-2025-31002 CRITICAL
Bogdan Bendziukov Squeeze - Unrestricted Upload
CVSS 9.1
CVE-2025-29394 HIGH
verydows 2.0 - Unauthenticated Arbitrary File Upload
CVSS 8.1
CVE-2025-27082 HIGH
AOS-10 GW/AOS-8 - Arbitrary File Write
CVSS 7.2