CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2025-26411 HIGH
Wattsense Bridge < 6.1.0 - Authenticated Remote Code Execution via Plugin Manager Python File Upload
CVSS 8.8
CVE-2025-1166 MEDIUM
SourceCodester Food Menu Manager 1.0 - Unrestricted File Upload in endpoint/update.php
CVSS 6.3
CVE-2025-1165 HIGH
Lumsoft ERP 8 - Unrestricted Upload
CVSS 7.3
CVE-2025-1025 HIGH
cockpit-hq/cockpit < 2.4.1 - Arbitrary File Upload via Extension Filter Bypass
CVSS 7.5
CVE-2025-1028 HIGH
WordPress Contact Manager <8.6.4 - File Upload
CVSS 8.1
CVE-2025-24505 HIGH
Symantec Privileged Access Management 3.4.6-4.1.7 - Authenticated Remote Command Execution via Crafted Upgrade File
CVE-2025-23213 HIGH
Tandoor Recipes < 1.5.28 - Unrestricted Upload of Dangerous File Types
CVSS 8.7
CVE-2025-0722 MEDIUM
needyamin image_gallery 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-0357 CRITICAL
WPBookit <= 1.6.9 - Unauthenticated Arbitrary File Upload via WPB_Profile_controller::handle_image_upload
CVSS 9.8
CVE-2025-24650 CRITICAL
Themefic Tourfic <= 2.15.3 - Arbitrary File Upload
CVSS 9.1
CVE-2025-0702 MEDIUM
JoeyBling bootplus < 2020-08-24 - Unrestricted File Upload via PortraitFile Argument
CVSS 6.3
CVE-2025-23953 CRITICAL
Innovative Solutions <2.4.2 - Code Injection
CVSS 10.0
CVE-2025-23942 CRITICAL
NgocCode WP Load Gallery <2.1.6 - RCE
CVSS 9.1
CVE-2025-23921 CRITICAL
Multi Uploader for Gravity Forms <1.1.3 - RCE
CVSS 9.0
CVE-2025-23918 CRITICAL
Smallerik File Browser <= 1.1 - Unauthenticated Arbitrary File Upload
CVSS 9.9
CVE-2025-22723 CRITICAL
UkrSolution Barcode Scanner <1.6.7 - Code Injection
CVSS 9.1
CVE-2025-0582 MEDIUM
itsourcecode Farm Management System <1.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-0472 HIGH
PMB < 4.2.13 - Unrestricted File Upload and Information Exposure
CVSS 7.5
CVE-2025-0471 CRITICAL
PMB Platform >= 4.0.10 - Unrestricted File Upload Code Execution
CVSS 9.9
CVE-2025-22782 CRITICAL
Web Ready Now WR Price List Manager For Woocommerce <1.0.9 - Code I...
CVSS 9.9
CVE-2025-0463 MEDIUM
Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 - Unrestricted File Upload via UsersAjax Module
CVSS 6.3
CVE-2025-0460 HIGH
Blog Botz for Journal Theme 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2025-0394 HIGH
WordPress Groundhogg <= 3.7.3.5 - Author File Upload Code Execution
CVSS 8.8
CVE-2025-0057 MEDIUM
SAP NetWeaver AS JAVA (User Admin Application) - Stored Cross-Site Scripting via Malicious Photo Upload
CVSS 4.8
CVE-2025-0402 MEDIUM
reggie 1.0 - Unrestricted File Upload in CommonController
CVSS 6.3