CWE-749— Exposed Dangerous Method or Function
154 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-749page 1 of 4
- CVE-2010-0738MEDIUMCVSS 5.3EG 9.0⚠ KEV2010-04-28
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows re…
- CVE-2010-1428HIGHCVSS 7.5EG 9.0⚠ KEV2010-04-28
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows …
- CVE-2014-0758NONECVSS 0.0EG 0.02014-02-24
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.
- CVE-2018-10931CRITICALCVSS 9.8EG 9.82018-08-09
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in t…
- CVE-2018-19322HIGHCVSS 7.8EG 9.0⚠ KEV2018-12-21
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This co…
- CVE-2018-8868MEDIUMCVSS 6.2EG 6.42018-07-03
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An a…
- CVE-2018-8949MEDIUMCVSS 4.3EG 4.32018-03-23
An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attr…
- CVE-2019-10918HIGHCVSS 8.8EG 8.82019-05-14
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9…
- CVE-2019-12948HIGHCVSS 8.3EG 8.32019-07-29
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause…
- CVE-2019-13945MEDIUMCVSS 6.8EG 6.82019-12-12
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (Al…
- CVE-2019-18342CRITICALCVSS 9.9EG 9.92019-12-12
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In co…
- CVE-2019-20923MEDIUMCVSS 6.5EG 6.52020-11-23
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This…
- CVE-2019-4386MEDIUMCVSS 6.5EG 6.52019-07-01
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714.
- CVE-2019-5015HIGHCVSS 7.8EG 7.82019-03-08
A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would n…
- CVE-2020-10268MEDIUMCVSS 6.1EG 6.12020-06-16
Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka …
- CVE-2020-12912MEDIUMCVSS 5.5EG 5.52020-11-12
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has…
- CVE-2020-12927HIGHCVSS 7.8EG 7.82020-11-12
A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system.
- CVE-2020-12928HIGHCVSS 7.8EG 7.82020-10-13
A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system.
- CVE-2020-15623CRITICALCVSS 9.8EG 9.82020-07-28
This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_sec…
- CVE-2020-17388HIGHCVSS 8.8EG 8.82020-08-25
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism c…
- CVE-2020-17391MEDIUMCVSS 6.5EG 6.52020-08-25
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi…
- CVE-2020-2503CRITICALCVSS 9.0EG 9.02020-12-24
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
- CVE-2020-27123MEDIUMCVSS 5.5EG 5.52020-11-06
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected d…
- CVE-2020-3416MEDIUMCVSS 6.7EG 6.72020-09-24
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenti…
- CVE-2020-3513MEDIUMCVSS 6.7EG 6.72020-09-24
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenti…
- CVE-2020-8212CRITICALCVSS 9.8EG 9.82020-08-17
Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.
- CVE-2021-26614HIGHCVSS 7.5EG 7.52021-11-22
ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command.
- CVE-2021-28809CRITICALCVSS 9.8EG 9.82021-07-08
An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulner…
- CVE-2021-33639HIGHCVSS 7.5EG 7.52023-03-08
REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified.
- CVE-2021-34996HIGHCVSS 8.8EG 8.82022-01-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be …
- CVE-2021-35243MEDIUMCVSS 5.3EG 5.32021-12-23
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a us…
- CVE-2021-42128CRITICALCVSS 9.8EG 9.82021-12-07
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.
- CVE-2022-31491CRITICALCVSS 10.0EG 10.02025-08-22
Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related to detection of a managed UPS…
- CVE-2022-36983CRITICALCVSS 9.8EG 9.82023-03-29
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The iss…
- CVE-2022-37365HIGHCVSS 7.8EG 7.82023-03-29
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
- CVE-2022-4136CRITICALCVSS 9.8EG 9.82022-11-24
Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method.
- CVE-2022-46156HIGHCVSS 7.2EG 7.22022-11-30
The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in t…
- CVE-2023-23840MEDIUMCVSS 6.8EG 6.82023-09-13
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
- CVE-2023-23845MEDIUMCVSS 6.8EG 6.82023-09-13
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
- CVE-2023-26478MEDIUMCVSS 6.6EG 6.62023-03-02
XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, `org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment` returns an instance of `com.xpn.xwiki.doc.XWikiAttachment`. This class is not su…
- CVE-2023-27363HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required t…
- CVE-2023-27364HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Editor XLS File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is require…
- CVE-2023-27365HIGHCVSS 7.8EG 7.82024-05-03
Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is require…
- CVE-2023-33921MEDIUMCVSS 6.8EG 6.82023-06-13
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct phys…
- CVE-2023-34227MEDIUMCVSS 5.3EG 5.32023-05-31
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
- CVE-2023-3612HIGHCVSS 8.2EG 8.22023-09-11
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user dat…
- CVE-2023-3655HIGHCVSS 7.5EG 7.52023-10-03
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...). This vulnerab…
- CVE-2023-3656CRITICALCVSS 9.8EG 9.82023-10-03
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP end…
- CVE-2023-36853HIGHCVSS 7.8EG 7.82023-07-19
In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges.
- CVE-2023-37330HIGHCVSS 7.8EG 7.82024-05-03
Kofax Power PDF exportAsText Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to e…
Map vulnerabilities like CWE-749 to your infrastructure
EchelonGraph correlates every CVE — across CWE-749 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →