CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,119 vulnerabilities with CWE-434
CVE-2025-2819
MEDIUM
GT-SoftControl < 6.0 - Authenticated Unrestricted File Upload and Overwrite via File Selection
CVSS 6.6
CVE-2025-2749
HIGH
KEV
Kentico Xperience < 13.0.178 - Authenticated Remote Code Execution via Staging Sync Server File Upload
CVSS 7.2
CVE-2025-2748
MEDIUM
Kentico Xperience CMS - Unauthenticated Stored XSS
CVSS 6.1
CVE-2025-2706
MEDIUM
Digiwin ERP 5.0.1 - Unrestricted Upload
CVSS 6.3
CVE-2025-2705
HIGH
Digiwin ERP 5.1 - Unrestricted Upload
CVSS 7.3
CVE-2025-2702
MEDIUM
Softwin WMX3 3.1 - Unrestricted Upload
CVSS 6.3
CVE-2025-2687
MEDIUM
PHPGurukul eLearning System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-2671
MEDIUM
Yue Lao Blind Box <4.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-2607
MEDIUM
phplaozhang LzCMS-LaoZhangBoKeXiTong <= 1.1.4 - Unrestricted File Upload via /admin/upload/upimage.html File Parameter
CVSS 6.3
CVE-2025-2606
MEDIUM
Best Church Management Software 1.0 - Unrestricted File Upload via Soulwinning CRUD Photo Parameter
CVSS 6.3
CVE-2025-29411
CRITICAL
Mart Developers iBanking 2.0.0 - Authenticated Remote Code Execution via Arbitrary PHP File Upload
CVSS 9.8
CVE-2025-29405
MEDIUM
emlog 2.5.1-2.5.6 - Arbitrary File Upload via Template Admin Endpoint
CVSS 6.3
CVE-2025-2512
CRITICAL
File Away < 3.9.9.0.1 - Unauthenticated Arbitrary File Upload via upload() Function
CVSS 9.8
CVE-2025-24801
HIGH
GLPI 0.85-10.0.17 - Authenticated Arbitrary PHP File Upload and Execution
CVSS 8.5
CVE-2025-2494
CRITICAL
Sytel Ltd. Softdial Contact Center - Unrestricted File Upload
CVSS 9.8
CVE-2025-2396
HIGH
e-Excellence U-Office Force < 28.0 - Authenticated Arbitrary File Upload and Remote Code Execution
CVSS 8.8
CVE-2025-2350
MEDIUM
Iroadau Fx2 Firmware < 2025-03-08 - Improper Access Control
CVSS 6.3
CVE-2025-2219
HIGH
LoveCards 2.1.1-2.3.2 - Unauthenticated Unrestricted File Upload via /api/upload/image
CVSS 7.3
CVE-2025-2216
MEDIUM
zzskzy Warehouse Refinement Management System 1.3 - Unrestricted File Upload via SaveCrash.ashx
CVSS 6.3
CVE-2025-28915
CRITICAL
ThemeEgg ToolKit <= 1.2.9 - Arbitrary File Upload
CVSS 9.1
CVE-2025-22213
HIGH
Joomla! CMS 4.0.0-4.4.11 & 5.0.0-5.2.4 - Authenticated File Upload via Media Manager
CVE-2025-2115
MEDIUM
zzskzy Warehouse Refinement Management System 3.1 - Unrestricted File Upload via AcceptZip.ashx ProcessRequest
CVSS 6.3
CVE-2025-25361
CRITICAL
PublicCMS v4.0.202406 - Arbitrary File Upload via SVG/XML File
CVSS 9.8
CVE-2025-2035
MEDIUM
s-a-zhd Ecommerce-Website-using-PHP 1.0 - Unrestricted File Upload in Customer Registration
CVSS 6.3
CVE-2025-2031
MEDIUM
ChestnutCMS <= 1.5.2 - Unrestricted File Upload via /dev-api/cms/file/upload
CVSS 6.3
Details
Vulnerabilities: 4,119
Exploit Likelihood: Medium