CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2025-32028 CRITICAL
haxcms-php 9.0.0-10.0.2 - Unrestricted Upload of File with Dangerous Type via Incomplete Denylist
CVSS 9.9
CVE-2025-3410 MEDIUM
aias 20250308 - Unrestricted File Upload in LocalStorageController
CVSS 6.3
CVE-2025-2525 HIGH
Streamit <= 4.0.1 - Authenticated Arbitrary File Upload via edit_profile Function
CVSS 8.8
CVE-2025-3325 MEDIUM
iteaj iboot 1.1.3 - Improper Access Control in Admin Password Handler
CVSS 4.3
CVE-2025-3324 MEDIUM
godcheese Nimrod 0.8 - Unrestricted File Upload in FileRestController
CVSS 6.3
CVE-2025-32370 HIGH
Kentico Xperience < 13.0.178 - Unauthenticated Arbitrary File Write via ZIP Upload Handler
CVSS 7.2
CVE-2025-1500 MEDIUM
IBM Maximo Application Suite 9.0-<9.0.7 - Authenticated Unrestricted Upload of File with Dangerous Type
CVSS 5.5
CVE-2025-32118 CRITICAL
NiteoThemes CMP - Unrestricted Upload
CVSS 9.1
CVE-2025-3244 MEDIUM
Senior-walter Web-based Pharmacy Product Management System - Improper Access Control
CVSS 6.3
CVE-2025-2780 HIGH
Woffice Core < 5.4.21 - Authenticated Arbitrary File Upload via saveFeaturedImage Function
CVSS 8.8
CVE-2025-3169 MEDIUM
Projeqtor <12.0.2 - Unrestricted Upload
CVSS 5.0
CVE-2025-3123 MEDIUM
WonderCMS 3.5.0 - Unrestricted File Upload in Theme Installation/Plugin Installation
CVSS 4.7
CVE-2025-2005 CRITICAL
Front End Users <= 3.2.32 - Unauthenticated Arbitrary File Upload via Registration Form
CVSS 9.8
CVE-2025-27692 MEDIUM
Dell Wyse Management Suite < 5.1 - Authenticated Unrestricted Upload of File with Dangerous Type
CVSS 4.7
CVE-2025-2891 HIGH
The Real Estate 7 WordPress theme - File Upload
CVSS 8.8
CVE-2025-2008 HIGH
Import Export Suite for CSV and XML Datafeed < 7.19 - Arbitrary File Upload
CVSS 8.8
CVE-2025-3042 MEDIUM
Project Worlds Online Time Table Generator 1.0 - Unrestricted File Upload via pic Parameter
CVSS 6.3
CVE-2025-3041 MEDIUM
Project Worlds Online Time Table Generator 1.0 - Unrestricted File Upload via pic Parameter
CVSS 6.3
CVE-2025-3040 MEDIUM
Project Worlds Online Time Table Generator 1.0 - Unrestricted File Upload via pic Parameter in add_student.php
CVSS 6.3
CVE-2025-31577 MEDIUM
Appointify <= 1.0.8 - Unrestricted Upload of File with Dangerous Type
CVSS 6.6
CVE-2025-2978 MEDIUM
WCMS 11 - Unrestricted File Upload via Article Publishing Page
CVSS 6.3
CVE-2025-2973 MEDIUM
College Management System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-2952 MEDIUM
Bluestar Micro Mall 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-2249 HIGH
SoJ SoundSlides <= 1.2.2 - Authenticated Arbitrary File Upload via soj_soundslides_options_subpanel()
CVSS 8.8
CVE-2025-2006 HIGH
Inline Image Upload for BBPress <= 1.1.19 - Arbitrary File Upload via Missing File Extension Validation
CVSS 8.8