CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2016

2016 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13595 | CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload — CIBELES AI | 9.8 | Critical | 2025-11-25 |
| CVE-2025-13376 | ProjectList <= 0.3.0 - Authenticated (Editor+) Arbitrary File Upload — ProjectList | 7.2 | High | 2025-11-25 |
| CVE-2023-7330 | Ruijie Networks NBR Routers Unauthenticated Arbitrary File Upload via fileupload.php — NBR Series Routers | 9.8 (AI) | Critical (AI) | 2025-11-24 |
| CVE-2025-13574 | code-projects Online Bidding System addcategory.php categoryadd unrestricted upload — Online Bidding System | 4.7 | Medium | 2025-11-24 |
| CVE-2025-13573 | projectworlds can pass malicious payloads add_book.php unrestricted upload — can pass malicious payloads | 6.3 | Medium | 2025-11-23 |
| CVE-2025-13544 | ashraf-kabir travel-agency customer_register.php unrestricted upload — travel-agency | 6.3 | Medium | 2025-11-23 |
| CVE-2025-12973 | S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator <= 1.7.8 - Authenticated (Editor+) Arbitrary File Upload — S2B AI Assistant – ChatBot, AI Agents, ChatGPT API, Image Generator | 7.2 | High | 2025-11-21 |
| CVE-2025-13156 | Vitepos – Point of Sale (POS) for WooCommerce <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution — Vitepos – Point of Sale (POS) for WooCommerce | 8.8 | High | 2025-11-21 |
| CVE-2025-11456 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File Upload — ELEX WordPress HelpDesk & Customer Ticketing System | 9.8 | Critical | 2025-11-21 |
| CVE-2025-12138 | URL Image Importer <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload — URL Image Importer | 8.8 | High | 2025-11-21 |
| CVE-2025-0645 | Arbitrary File Upload in Narkom Communication Technologies' Pyxis Signage — Pyxis Signage | 7.2 | High | 2025-11-20 |
| CVE-2025-13423 | Campcodes Retro Basketball Shoes Online Store admin_product.php unrestricted upload — Retro Basketball Shoes Online Store | 4.7 | Medium | 2025-11-19 |
| CVE-2025-13411 | Campcodes Retro Basketball Shoes Online Store admin_football.php unrestricted upload — Retro Basketball Shoes Online Store | 4.7 | Medium | 2025-11-19 |
| CVE-2025-34329 | AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated Backup Upload RCE via ajaxBackupUploadFile.php — AudioCodes Fax/IVR Appliance | 9.8 (AI) | Critical (AI) | 2025-11-19 |
| CVE-2025-34328 | AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File Upload RCE via ajaxScript.php — AudioCodes Fax/IVR Appliance | 9.8 (AI) | Critical (AI) | 2025-11-19 |
| CVE-2025-34330 | AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated Prompt File Upload via ajaxPromptUploadFile.php — AudioCodes Fax/IVR Appliance | 9.8 (AI) | Critical (AI) | 2025-11-19 |
| CVE-2025-34336 | eGovFramework <= 4.3.1 Unauthenticated File Upload via Web Editor Image Upload Endpoints — eGovFramework/egovframe-common-components | 9.1 (AI) | Critical (AI) | 2025-11-19 |
| CVE-2025-41347 | Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este — WinPlus | 8.8 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-41735 | Possible arbitrary file upload — Energy-Controlling EWIO2-M | 8.8 | High | 2025-11-18 |
| CVE-2025-13069 | Enable SVG, WebP, and ICO Upload <= 1.1.3 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass — Enable SVG, WebP, and ICO Upload | 8.8 | High | 2025-11-18 |
| CVE-2025-12775 | WP Dropzone <= 1.1.0 - Authenticated (Subscriber+) Arbitrary File Upload — WP Dropzone | 8.8 | High | 2025-11-18 |
| CVE-2025-12528 | Pie Forms for WP <= 1.6 - Unauthenticated Arbitrary File Upload — Pie Forms — Drag & Drop Form Builder | 8.1 | High | 2025-11-18 |
| CVE-2025-12974 | Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload — Gravity Forms | 8.1 | High | 2025-11-18 |
| CVE-2025-13275 | Iqbolshoh php-business-website about.php unrestricted upload — php-business-website | 4.7 | Medium | 2025-11-17 |
| CVE-2025-13249 | Jiusi OA OfficeServer unrestricted upload — OA | 6.3 | Medium | 2025-11-16 |
| CVE-2025-13238 | Bdtask Flight Booking Software Edit Profile edit unrestricted upload — Flight Booking Software | 6.3 | Medium | 2025-11-16 |
| CVE-2025-13198 | DouPHP file.class.php unrestricted upload — DouPHP | 4.7 | Medium | 2025-11-15 |
| CVE-2025-13185 | Bdtask/CodeCanyon News365 profile unrestricted upload — News365 | 4.7 | Medium | 2025-11-14 |
| CVE-2025-13061 | itsourcecode Online Voting System index.php unrestricted upload — Online Voting System | 6.3 | Medium | 2025-11-12 |
| CVE-2025-12048 | Lenovo Scanner Pro security vulnerability — Scanner Pro | 7.5 | High | 2025-11-12 |

2016 CVEs are classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.