CWE-749: Exposed Dangerous Method or Function
154 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-749 (page 2 of 4)
- CVE-2023-38097 | HIGH | CVSS 8.8 | EG 7.2 | 2024-05-03
NETGEAR ProSAFE Network Management System BkreProcessThread Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE N…
- CVE-2023-38101 | HIGH | CVSS 8.8 | EG 7.2 | 2024-05-03
NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR Pro…
- CVE-2023-38124 | HIGH | CVSS 8.8 | EG 7.2 | 2024-05-03
Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive A…
- CVE-2023-39214 | HIGH | CVSS 7.6 | EG 7.6 | 2023-08-08
Exposure of sensitive information in Zoom Client SDKs before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
- CVE-2023-39226 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-11-30
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet.
- CVE-2023-39468 | HIGH | CVSS 7.2 | EG 7.2 | 2024-05-03
Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangl…
- CVE-2023-39470 | HIGH | CVSS 7.2 | EG 7.2 | 2024-11-22
PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to…
- CVE-2023-39493 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-03
PDF-XChange Editor exportAsText Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is require…
- CVE-2023-39495 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-05-03
PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User inter…
- CVE-2023-39505 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-05-03
PDF-XChange Editor Net.HTTP.requests Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User intera…
- CVE-2023-40150 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-09-11
Softneta MedDream PACS does not perform an authentication check and performs some dangerous functionality, which could result in unauthenticated remote code execution.
- CVE-2023-40151 | CRITICAL | CVSS 10.0 | EG 10.0 | 2023-11-21
When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication c…
- CVE-2023-40500 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-03
LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required…
- CVE-2023-40501 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-03
LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required…
- CVE-2023-42032 | HIGH | CVSS 7.5 | EG 7.5 | 2024-05-03
Visualware MyConnection Server doRTAAccessUPass Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnectio…
- CVE-2023-42494 | HIGH | CVSS 7.5 | EG 7.5 | 2023-10-25
EisBaer Scada - CWE-749: Exposed Dangerous Method or Function
- CVE-2023-44414 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-03
D-Link D-View coreservice_action_script Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not …
- CVE-2023-49074 | HIGH | CVSS 7.4 | EG 7.4 | 2024-04-09
A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory setti…
- CVE-2023-49583 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-12-12
SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions …
- CVE-2023-50422 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-12-12
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successfu…
- CVE-2023-50423 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-12-12
SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions …
- CVE-2023-50424 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-12-12
SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can…
- CVE-2023-51573 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-04-01
Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower …
- CVE-2023-51574 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-03
Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower. Authe…
- CVE-2023-51575 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-03
Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authenticat…
- CVE-2023-51577 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-03
Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker m…
- CVE-2023-51578 | HIGH | CVSS 7.5 | EG 7.5 | 2024-05-03
Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower. A…
- CVE-2023-51581 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-03
Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authenti…
- CVE-2023-51582 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-03
Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authen…
- CVE-2023-51583 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-03
Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authenticatio…
- CVE-2023-51584 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
Voltronic Power ViewPower USBCommEx shutdown Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Use…
- CVE-2023-5389 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-01-30
An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to write a file that may result in unexpected b…
- CVE-2024-12651 | HIGH | CVSS 8.5 | EG 8.5 | 2025-02-14
Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0.
- CVE-2024-13242 | CRITICAL | CVSS 9.1 | EG 9.1 | 2025-01-09
Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing. This issue affects Swift Mailer: *.*.
- CVE-2024-1873 | CRITICAL | CVSS 9.1 | EG 8.2 | 2024-06-06
parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths …
- CVE-2024-25675 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-02-09
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
- CVE-2024-27261 | MEDIUM | CVSS 6.4 | EG 6.4 | 2024-04-12
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: …
- CVE-2024-27444 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-02-26
langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, _…
- CVE-2024-29880 | MEDIUM | CVSS 4.2 | EG 4.2 | 2024-03-21
In JetBrains TeamCity before 2023.11, users with access to the agent machine might obtain permissions of the user running the agent process.
- CVE-2024-32764 | CRITICAL | CVSS 9.9 | EG 9.9 | 2024-04-26
A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fix…
- CVE-2024-35209 | MEDIUM | CVSS 6.2 | EG 7.5 | 2024-06-11
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is allowing HTTP methods like PUT and DELETE. This could allow an attacker to modify unauthorized files.
- CVE-2024-43065 | HIGH | CVSS 7.1 | EG 7.1 | 2025-04-07
Cryptographic issues while generating an asymmetric key pair for RKP use cases.
- CVE-2024-47005 | HIGH | CVSS 8.1 | EG 8.1 | 2024-10-25
Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs.
- CVE-2024-4739 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-10-18
The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the…
- CVE-2024-51992 | MEDIUM | CVSS 4.1 | EG 4.1 | 2024-11-11
Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the…
- CVE-2024-5298 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-23
D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentica…
- CVE-2024-5299 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-23
D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is requi…
- CVE-2024-55893 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-14
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forge…
- CVE-2024-55894 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-14
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forge…
- CVE-2024-55920 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-14
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forge…