Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2025-02-24 CVE-2024-56897 Unrestricted Upload of File with Dangerous Type vulnerability in Yitechnology YI CAR Dashcam Firmware 3.88
Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands.
network
low complexity
yitechnology CWE-434
critical
9.8
2025-02-24 CVE-2025-1598 Unrestricted Upload of File with Dangerous Type vulnerability in Mayurik Best Church Management Software 1.0
A vulnerability was found in SourceCodester Best Church Management Software 1.0.
network
low complexity
mayurik CWE-434
critical
9.8
2025-02-23 CVE-2025-1593 Unrestricted Upload of File with Dangerous Type vulnerability in Mayurik Best Employee Management System 1.0
A vulnerability classified as critical has been found in SourceCodester Best Employee Management System 1.0.
network
low complexity
mayurik CWE-434
critical
9.8
2025-02-23 CVE-2025-1590 Unrestricted Upload of File with Dangerous Type vulnerability in Janobe E-Learning System 1.0
A vulnerability was found in SourceCodester E-Learning System 1.0.
network
low complexity
janobe CWE-434
7.2
2025-02-17 CVE-2025-1388 Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells
network
low complexity
CWE-434
8.8
2025-02-16 CVE-2025-1355 Unrestricted Upload of File with Dangerous Type vulnerability in Needyamin Library Card System 1.0
A vulnerability was found in needyamin Library Card System 1.0.
network
low complexity
needyamin CWE-434
critical
9.8
2025-02-12 CVE-2024-10960 Unrestricted Upload of File with Dangerous Type vulnerability in Brizy
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4.
network
low complexity
brizy CWE-434
8.8
2025-02-12 CVE-2024-13714 The All-Images.ai – IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_get_image_by_url' function in all versions up to, and including, 1.0.4.
network
low complexity
CWE-434
8.8
2025-02-11 CVE-2024-13544 Unrestricted Upload of File with Dangerous Type vulnerability in Amini7 Zarinpal Paid Download
The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
network
low complexity
amini7 CWE-434
4.8
2025-02-10 CVE-2024-13011 The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7.
network
low complexity
CWE-434
critical
9.8