
CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2016

2016 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-10425 | 1000projects Online Student Project Report Submission and Evaluation System student_controller.php unrestricted upload — Online Student Project Report Submission and Evaluation System | 7.3 | High | 2025-09-15 |
| CVE-2025-10424 | 1000projects Online Student Project Report Submission and Evaluation System faculty_controller.php unrestricted upload — Online Student Project Report Submission and Evaluation System | 7.3 | High | 2025-09-15 |
| CVE-2025-57176 | Ceragon EtherHaul series security vulnerability — EtherHaul and MultiHaul Series microwave antennas | 6.5 | Medium | 2025-09-15 |
| CVE-2025-10398 | fcba_zzm ics-park Smart Park Management System FileUploadUtils.java unrestricted upload — ics-park Smart Park Management System | 6.3 | Medium | 2025-09-14 |
| CVE-2025-10371 | eCharge Hardy Barth Salia PLCC api.php unrestricted upload — Salia PLCC | 7.3 | High | 2025-09-13 |
| CVE-2025-10001 | Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload — WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets | 7.2 | High | 2025-09-10 |
| CVE-2025-10049 | Responsive Filterable Portfolio <= 1.0.24 - Authenticated (Admin+) Arbitrary File Upload — Responsive Filterable Portfolio | 7.2 | High | 2025-09-10 |
| CVE-2025-9872 | Ivanti Endpoint Manager security vulnerability — Endpoint Manager | 8.8 | High | 2025-09-09 |
| CVE-2025-9712 | Ivanti Endpoint Manager security vulnerability — Endpoint Manager | 8.8 | High | 2025-09-09 |
| CVE-2025-10116 | SiempreCMS file_upload.php unrestricted upload — SiempreCMS | 7.3 | High | 2025-09-09 |
| CVE-2025-9113 | Doccure Core <= 1.5.3 - Unauthenticated Arbitrary File Upload — Doccure Core | 9.8 | Critical | 2025-09-08 |
| CVE-2025-9112 | Doccure <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload — Doccure | 8.8 | High | 2025-09-08 |
| CVE-2025-10085 | SourceCodester Pet Grooming Management Software manage_website.php unrestricted upload — Pet Grooming Management Software | 6.3 | Medium | 2025-09-08 |
| CVE-2025-10083 | SourceCodester Pet Grooming Management Software profile.php unrestricted upload — Pet Grooming Management Software | 6.3 | Medium | 2025-09-08 |
| CVE-2025-10081 | SourceCodester Pet Management System profile.php unrestricted upload — Pet Management System | 4.7 | Medium | 2025-09-08 |
| CVE-2025-9515 | Multi Step Form <= 1.7.25 - Authenticated (Admin+) Arbitrary File Upload — Multi Step Form | 7.2 | High | 2025-09-06 |
| CVE-2025-58819 | WordPress Bulk Featured Image plugin <= 1.2.4 - Arbitrary File Upload vulnerability — Bulk Featured Image | 9.1 | Critical | 2025-09-05 |
| CVE-2025-6085 | Make Connector <= 1.5.10 - Authenticated (Administrator+) Arbitrary File Upload — Make Connector | 7.2 | High | 2025-09-04 |
| CVE-2025-9942 | CodeAstro Real Estate Management System submitproperty.php unrestricted upload — Real Estate Management System | 6.3 | Medium | 2025-09-04 |
| CVE-2025-9941 | CodeAstro Real Estate Management System register.php unrestricted upload — Real Estate Management System | 6.3 | Medium | 2025-09-04 |
| CVE-2025-20287 | Cisco Evolved Programmable Network Manager Arbitrary File Upload Vulnerability — Cisco Evolved Programmable Network Manager (EPNM) | 4.3 | Medium | 2025-09-03 |
| CVE-2025-9847 | ScriptAndTools Real Estate Management System register.php unrestricted upload — Real Estate Management System | 6.3 | Medium | 2025-09-03 |
| CVE-2025-9841 | code-projects Mobile Shop Management System AddNewProduct.php unrestricted upload — Mobile Shop Management System | 6.3 | Medium | 2025-09-02 |
| CVE-2025-52546 | Stored XSS by uploading a specially crafted floor plan file — E3 Supervisory Control | 6.1 (AI) | Medium (AI) | 2025-09-02 |
| CVE-2025-9800 | SimStudioAI sim HTML File route.ts import unrestricted upload — sim | 6.3 | Medium | 2025-09-01 |
| CVE-2025-9795 | xujeff tianti 天梯 UploadController.java ajaxUploadFile unrestricted upload — tianti 天梯 | 6.3 | Medium | 2025-09-01 |
| CVE-2025-9775 | RemoteClinic edit-my-profile.php unrestricted upload — RemoteClinic | 7.3 | High | 2025-09-01 |
| CVE-2025-9772 | RemoteClinic edit.php unrestricted upload — RemoteClinic | 7.3 | High | 2025-09-01 |
| CVE-2025-31100 | WordPress School Management Plugin <= 1.93.1 (02-07-2025) - Arbitrary File Upload Vulnerability — School Management | 9.9 | Critical | 2025-08-31 |
| CVE-2012-10062 | XAMPP WebDAV PHP Upload Authentication Bypass RCE — XAMPP | 8.8 | - | 2025-08-30 |

2016 CVEs are classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.