CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2016

2016 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

CVE ID | Title | CVSS | Severity | Published
CVE-2025-59118 | Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload — Apache OFBiz | 9.8 | - | 2025-11-12
CVE-2025-12846 | Blocksy Companion <= 2.1.19 - Authenticated (Author+) Arbitrary File Upload via SVG Upload Bypass — Blocksy Companion | 8.8 | High | 2025-11-11
CVE-2025-11170 | WP移行専用プラグイン for CPI <= 1.0.2 - Unauthenticated Arbitrary File Upload — WP移行専用プラグイン for CPI | 9.8 | Critical | 2025-11-11
CVE-2025-42883 | Insecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench) — SAP NetWeaver Application Server for ABAP (Migration Workbench) | 2.7 | Low | 2025-11-11
CVE-2021-4462 | Employee Records System v1.0 Arbitrary File Upload RCE — Employee Records System | 9.8 | - | 2025-11-10
CVE-2025-12867 | Hundred Plus|EIP Plus - Arbitrary File Upload — EIP Plus | 7.2 | High | 2025-11-10
CVE-2025-11967 | Mail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload — Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails | 7.2 | High | 2025-11-08
CVE-2025-12399 | Alex Reservations: Smart Restaurant Booking <= 2.2.3 - Authenticated (Admin+) Arbitrary File Upload — Alex Reservations: Smart Restaurant Booking | 7.2 | High | 2025-11-08
CVE-2025-12161 | Smart Auto Upload Images <= 1.2.0 - Authenticated (Contributor+) Arbitrary File Upload — Smart Auto Upload Images – Import External Images | 8.8 | High | 2025-11-08
CVE-2025-12862 | projectworlds Online Notes Sharing Platform userprofile.php unrestricted upload — Online Notes Sharing Platform | 6.3 | Medium | 2025-11-07
CVE-2025-34299 | Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload — Monsta FTP | 9.8 | - | 2025-11-07
CVE-2025-12352 | Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' — Gravity Forms | 9.8 | Critical | 2025-11-07
CVE-2025-6327 | WordPress King Addons for Elementor plugin <= 51.1.36 - Arbitrary File Upload vulnerability — King Addons for Elementor | 8.8 | - | 2025-11-06
CVE-2025-62065 | WordPress RTMKit plugin <= 1.6.5 - Arbitrary File Upload vulnerability — RTMKit | 8.8 | - | 2025-11-06
CVE-2025-62047 | WordPress Case Addons plugin < 1.3.0 - Arbitrary File Upload vulnerability — Case Addons | 8.8 | - | 2025-11-06
CVE-2025-62016 | WordPress Kallyas theme <= 4.22.0 - Arbitrary File Upload vulnerability — KALLYAS | 8.8 | - | 2025-11-06
CVE-2025-60235 | WordPress Support Ticket System for WooCommerce plugin <= 2.0.7 - Arbitrary File Upload vulnerability — Support Ticket System for WooCommerce (Premium) | 8.8 | - | 2025-11-06
CVE-2025-60207 | WordPress Custom User Registration Fields for WooCommerce plugin <= 2.1.2 - Arbitrary File Upload Vulnerability — Custom User Registration Fields for WooCommerce | 9.8 | - | 2025-11-06
CVE-2025-60187 | WordPress Atarim plugin <= 4.2.1 - Arbitrary File Upload vulnerability — Atarim | 8.8 | - | 2025-11-06
CVE-2025-58996 | WordPress Advanced Settings Plugin <= 3.1.1 - Arbitrary File Upload Vulnerability — Advanced Settings | 8.8 | - | 2025-11-06
CVE-2025-53283 | WordPress Drop Uploader for CF7 - Drag&Drop File Uploader Addon Plugin <= 2.4.1 - Arbitrary File Upload Vulnerability — Drop Uploader for CF7 - Drag&Drop File Uploader Addon | 9.8 | - | 2025-11-06
CVE-2025-10907 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution — WSO2 API Manager | 8.4 | High | 2025-11-05
CVE-2025-20375 | Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability — Cisco Unified Contact Center Express | 6.5 | Medium | 2025-11-05
CVE-2025-20376 | Cisco Unified Contact Center Express Remote Code Execution Vulnerability — Cisco Unified Contact Center Express | 6.5 | Medium | 2025-11-05
CVE-2025-20354 | Cisco Unified Contact Center Express Remote Code Execution Vulnerability — Cisco Unified Contact Center Express | 9.8 | Critical | 2025-11-05
CVE-2025-3125 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution — WSO2 Identity Server | 6.7 | Medium | 2025-11-05
CVE-2025-12674 | KiotViet Sync <= 1.8.5 - Unauthenticated Arbitrary File Upload — KiotViet Sync | 9.8 | Critical | 2025-11-05
CVE-2025-12682 | Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload — Easy Upload Files During Checkout | 9.8 | Critical | 2025-11-04
CVE-2025-11724 | EM Beer Manager <= 3.2.3 - Authenticated (Subscriber+) Arbitrary File Upload — EM Beer Manager | 8.8 | High | 2025-11-04
CVE-2025-48396 | Eaton Brightlayer Software Suite security vulnerability — Eaton Brightlayer Software Suite (BLSS) | 8.3 | High | 2025-11-03

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) account for 2016 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.