Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2025-03-30 CVE-2025-2952 Unrestricted Upload of File with Dangerous Type vulnerability in Bluestar Micro Mall 1.0
A vulnerability classified as critical was found in Bluestar Micro Mall 1.0.
network
low complexity
bluestar CWE-434
critical
9.8
2025-03-29 CVE-2025-2249 The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and including, 1.2.2.
network
low complexity
CWE-434
8.8
2025-03-24 CVE-2025-2706 A vulnerability classified as critical was found in Digiwin ERP 5.0.1.
network
low complexity
CWE-434
6.3
2025-03-24 CVE-2025-2705 A vulnerability classified as critical has been found in Digiwin ERP 5.1.
network
low complexity
CWE-434
7.3
2025-03-24 CVE-2025-2702 A vulnerability, which was classified as critical, has been found in Softwin WMX3 3.1.
network
low complexity
CWE-434
6.3
2025-03-24 CVE-2025-2687 Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul Elearning System 1.0
A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0.
network
low complexity
phpgurukul CWE-434
critical
9.8
2025-03-23 CVE-2025-2671 A vulnerability was found in Yue Lao Blind Box ???? up to 4.0.
network
low complexity
CWE-434
6.3
2025-03-20 CVE-2024-9920 Unrestricted Upload of File with Dangerous Type vulnerability in Lollms web UI 12
In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more.
network
low complexity
lollms CWE-434
8.8
2025-03-19 CVE-2024-45644 IBM Security ReaQta 3.12 allows a privileged user to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
network
low complexity
CWE-434
4.7
2025-03-19 CVE-2025-2512 The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1.
network
low complexity
CWE-434
critical
9.8