Vulnerabilities (CVE)

Filtered by CWE-434
Total 4088 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-32682 2026-06-17 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through <= 8.6.4.
CVE-2025-32660 1 Joomsky 1 Js Job Manager 2026-06-17 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs allows Upload a Web Shell to a Web Server.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVE-2025-32652 2026-06-17 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra solace-extra allows Using Malicious Files.This issue affects Solace Extra: from n/a through <= 1.3.1.
CVE-2025-32579 2026-06-17 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a Web Server.This issue affects Sync Posts: from n/a through <= 1.0.
CVE-2025-32510 2026-06-17 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager ova-events-manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a through <= 1.8.4.
CVE-2025-32370 1 Kentico 1 Xperience 2026-06-17 N/A 7.2 HIGH
Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS.
CVE-2025-32291 2026-06-17 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Using Malicious Files.This issue affects SUMO Affiliates Pro: from n/a through < 11.1.0.
CVE-2025-32215 2026-06-17 N/A 6.5 MEDIUM
Unrestricted Upload of File with Dangerous Type vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Stored XSS.This issue affects Accessibility Suite: from n/a through <= 4.18.
CVE-2025-32206 2026-06-17 N/A 9.1 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects processing-projects allows Upload a Web Shell to a Web Server.This issue affects Processing Projects: from n/a through <= 1.0.2.
CVE-2025-32202 2026-06-17 N/A 9.1 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress insert-or-embed-articulate-content-into-wordpress allows Upload a Web Shell to a Web Server.This issue affects Insert or Embed Articulate Content into WordPress: from n/a through <= 4.3000000025.
CVE-2025-32140 2026-06-17 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail wp-remote-thumbnail allows Upload a Web Shell to a Web Server.This issue affects WP Remote Thumbnail: from n/a through <= 1.3.2.
CVE-2025-32118 2026-06-17 N/A 9.1 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance cmp-coming-soon-maintenance allows Using Malicious Files.This issue affects CMP – Coming Soon & Maintenance: from n/a through <= 4.1.14.
CVE-2025-32028 1 Psu 1 Haxcms-php 2026-06-17 N/A 9.9 CRITICAL
HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is non-exhaustive and only blocks ’.php’, ’.sh’, ’.js’, and ’.css’ files. The existing logic causes the system to "fail open" rather than "fail closed." This vulnerability is fixed in 10.0.3.
CVE-2025-31979 2026-06-17 N/A 5.4 MEDIUM
A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix SM, where the application fails to properly enforce file type restrictions during the upload process. An attacker may exploit this flaw to upload malicious or unauthorized files, such as scripts, executables, or web shells, by bypassing client-side or server-side validation mechanisms.
CVE-2025-31916 2026-06-17 N/A 9.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Result Management System Premium: from 1.1.7 through n/a.
CVE-2025-31577 2026-06-17 N/A 6.6 MEDIUM
Unrestricted Upload of File with Dangerous Type vulnerability in appointify Appointify appointify allows Upload a Web Shell to a Web Server.This issue affects Appointify: from n/a through <= 1.0.8.
CVE-2025-31342 2026-06-17 N/A N/A
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file.
CVE-2025-31339 2026-06-17 N/A N/A
An unrestricted upload of file with dangerous type vulnerability in the course management function of Wisdom Master Pro versions 5.0 through 5.2 allows remote authenticated users to craft a malicious file.
CVE-2025-31324 1 Sap 1 Netweaver 2026-06-17 N/A 10.0 CRITICAL
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
CVE-2025-31100 2026-06-17 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through 1.93.1 (02-07-2025).